Moving Kerberos to the Cloud?

[Russ Allbery]

tareq.alrashid at case.edu writes:

> The higher ups asked: Feasibility of moving the University’s MIT
> Kerberos authentication critical service infrastructures to the Cloud?

> Has any of the Higher-Education institutions out there done or thought
> about doing this, and how feasible was it.

It's completely feasible in the sense that a shotgun will successfully
blow your foot off with very little extra effort.

Your authentication service, when compromised, provides unfettered access
to absolutely everything you run.  We won't even virtualize it, let alone
move it into the cloud.  It needs to be run in the most secure environment
that you can possibly find and as isolated as possible from everything
else.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>