KDC Hardware

Turbo Fredriksson turbo at bayour.com
Sun Jan 8 14:54:12 EST 2006


Quoting "Amir Saad" <Amir.Saad at bibalex.org>:

> So sorry, I didn't mean that, I mean to secure, not to avoid to secure (so sorry!)

Ah, that explains a lot :)

But you should keep the LDAP server (just as) safe as well. As
I said in the mail, it's not nearly as important as the KDC, but
it is important enough that if it gets cracked, neither you nor
your users will be able to log in or do any work.


Theoretically you can, but can you guarantee that no one is
'listening' (on the authentication, authorization and what not)...


If 'they' do, then you can consider your KDC cracked as well.

This is the reason why _I_ recommend having both on the same
machine... If it gets cracked, you're screwed anyway (until
you get another machine up and running and all that that's
needed after someone has broken into your system). As I see
it, it doesn't matter if 'they' crack the LDAP server or the
KDC, both are such a vital part of the/your network, you can't
survive without _both_ (at the same time).


