On 2012-06-05 9:54 AM, Russ Allbery wrote: > Our KDCs have always been open to the Internet. Ugh. Any do's and dont's? How do you harden the KDC (not the host but the kerberos side)? It will solve some of our problems as well but it was deemed too risky. Perhaps it is time to have another look. -- Eray Aslan