How do you have your Kerberos service set up?
Daniel Henninger
daniel at ncsu.edu
Mon Oct 31 15:13:11 EST 2005
Howdy folk,
We have been pressured recently about how our Kerberos service is
"insecure" because it does not account for folk failing to type the
right password in X number of times, or something like that.
(intrusion detection) Like, why doesn't the account "lock" at that
point because 'clearly someone is trying to break in at that point'.
So, first off, let me describe our setup. We have a single master
kerberos server, replicated to 6 slaves. Now, if I look in our
database at various entries, I can see the "last password failure"
and such fields, and have seen that there is a lot of functionality
present in Kerberos for handling situations like this. However, what
I'm also to understand is that this requires only writable Kerberos
servers. (in other words, no slaves) Dropping to a single writable
(master) kerberos server and no slaves just flat out makes me
nervous, and doesn't seem like a good idea. So... what then? Are
you stuck with the decision of:
A. replicated redundant authentication service, no 'intrusion detection'
B. intrusion detection, but no replication or redundancy
What are other universities and/or corporations doing? MIT, my
apologies for singling you out, but would you mind describing your
own set up a bit and if you have run into this issue before/what you
did about it/etc?
Thanks for any thoughts anyone might have!
Daniel
--
Daniel Henninger <daniel at ncsu.edu>
Systems Programmer
Information Technology Division
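The tradeoff the post lays out (failure counters and lockout live in the principal database, so only a writable KDC can maintain them, and read-only slaves cannot) modelled as a small simulation. This is an added example, not code from the original post, from NC State, or from any Kerberos implementation. The lockout threshold of five failures, the `Realm`, `KDC` and `spray` names, the principal `alice`, and the list of password guesses are all constructed for illustration, and replication is simplified to a full copy of the master's database on each `propagate()`.

```python
import copy
import itertools
from dataclasses import dataclass

MAX_FAILURES = 5  # assumed lockout threshold; not a value from the post


@dataclass
class Principal:
    name: str
    password: str       # plaintext only because this is a toy model
    fail_count: int = 0
    locked: bool = False


class KDC:
    """One KDC holding a copy of the principal database.

    A writable KDC (the master) records each password failure and locks the
    principal once MAX_FAILURES is reached.  A read-only replica answers from
    its copy but never updates it, so failures it sees are counted nowhere.
    """

    def __init__(self, name: str, db: dict, writable: bool):
        self.name = name
        self.db = db
        self.writable = writable

    def authenticate(self, princ: str, password: str) -> str:
        p = self.db[princ]
        if p.locked:
            return "LOCKED"
        if password == p.password:
            if self.writable:
                p.fail_count = 0
            return "OK"
        if self.writable:
            p.fail_count += 1
            if p.fail_count >= MAX_FAILURES:
                p.locked = True
        return "BAD_PASSWORD"


class Realm:
    """A writable master plus N read-only replicas (constructed model)."""

    def __init__(self, principals, n_replicas: int):
        self.master = KDC("master", {p.name: p for p in principals}, True)
        self.replicas = [KDC(f"replica{i}", {}, False) for i in range(n_replicas)]
        self.propagate()

    def propagate(self) -> None:
        """Push a full snapshot of the master's database to every replica."""
        for r in self.replicas:
            r.db = copy.deepcopy(self.master.db)

    def all_kdcs(self):
        return [self.master] + self.replicas


def spray(kdcs, princ: str, guesses):
    """Attacker rotates guesses round-robin across the given KDCs.

    Returns (found, evaluated): whether the real password was accepted, and
    how many guesses were actually checked rather than refused as LOCKED.
    Stops when every KDC in the list refuses the principal.
    """
    evaluated, refusing = 0, set()
    for guess, kdc in zip(guesses, itertools.cycle(kdcs)):
        result = kdc.authenticate(princ, guess)
        if result == "LOCKED":
            refusing.add(kdc.name)
            if len(refusing) == len(kdcs):
                break
            continue
        evaluated += 1
        if result == "OK":
            return True, evaluated
    return False, evaluated


def demo() -> dict:
    # Constructed attacker wordlist: the 42nd guess is alice's real password.
    guesses = [f"guess{i}" for i in range(1, 101)]
    secret = "guess42"

    # A: master replicated to 6 read-only slaves; attacker only asks the slaves.
    realm_a = Realm([Principal("alice", secret)], n_replicas=6)
    option_a = spray(realm_a.replicas, "alice", guesses)

    # B: a single writable master and nothing else.
    realm_b = Realm([Principal("alice", secret)], n_replicas=0)
    option_b = spray(realm_b.all_kdcs(), "alice", guesses)

    # A with the master included: it locks after the failures it sees, but the
    # slaves keep answering until the next propagation, after which every
    # server (and therefore the legitimate user, too) is refused.
    realm_c = Realm([Principal("alice", secret)], n_replicas=6)
    mixed = spray(realm_c.all_kdcs(), "alice", guesses)
    realm_c.propagate()
    locked_everywhere = all(k.authenticate("alice", "x") == "LOCKED"
                            for k in realm_c.all_kdcs())
    return {"A": option_a, "B": option_b, "mixed": mixed,
            "locked_after_propagate": locked_everywhere}


if __name__ == "__main__":
    print(demo())
```

Under this model, option A never trips the lockout at all when the attacker confines itself to the slaves, option B locks the principal after five wrong guesses, and the mixed case shows the lockout becoming effective only once the master's state reaches the slaves, at which point it also shuts out the legitimate user. The model is deliberately simple: it does not represent incremental propagation, clock-based failure windows, or any particular KDC's on-disk fields.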