KDC Hardware

Turbo Fredriksson turbo at bayour.com
Tue Jan 10 03:23:43 EST 2006


Quoting Jeffrey Hutzelman <jhutz at cmu.edu>:

> On Saturday, January 07, 2006 11:38:47 AM +0100 Turbo Fredriksson
> <turbo at bayour.com> wrote:
>
>> Security? Nah, both need _extraordinary security_ so it's easier to
>> safeguard ONE machine than two (* nr of slaves of course :).
>
> On the contrary, depending on what you are using your LDAP directory
> for, it may not require any more security than any other application.
> [...]
> If your LDAP server is compromised, you reinstall the machine, restore
> the database from backups, and get on with life, just like for any
> other service.
>
> Depending on what you store in the directory, it's
> possible the intruder obtained sensitive information, but that's also
> true of other services, such as a mail server.

Oki, true. Point taken.

I was thinking of my very first attempts with LDAP. There I had the password
in the LDAP database. I didn't have Kerberos back then...


