AW: Common keytab file for all the application servers - Isitpossible???
Barbat, Calin
c.barbat at osram.de
Wed Jan 4 02:43:39 EST 2006
Agreed. This is why "technically speaking" below...
Regards
Calin
-----Ursprüngliche Nachricht-----
Von: kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU] Im Auftrag von Markus Moeller
Gesendet: Montag, 2. Januar 2006 13:04
An: kerberos at MIT.EDU
Betreff: Re: Common keytab file for all the application servers - Isitpossible???
If you use the same keytab, the compromise of one device means you loose the security of all devices as the keytab can be used to sniff the traffic.
Markus
""Barbat, Calin"" <c.barbat at osram.de> wrote in message news:60DE0C5FDA5A594EAB0F71425A0A3CEF03B996 at exc-mch01.mch.osram.de...
> Hi Sandy,
>
> of course you can use the same keytab on every device. At least, I
> can't see why it should not be possible - technically speaking. You
> should only consider if you want this scenario - all 100 devices
> connecting as the same user.
>
> Try it with 2 devices first - copy the same keytab to both of them,
> then interact with them, it should work fine.
>
> Best regards,
>
> - Calin.
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list