Kerberos n00b question.

Grant Taylor gtaylor at tnetconsulting.net
Mon Jan 7 12:33:22 EST 2019


Hi,

I have what may seem like a Kerberos n00b question.

I've been around, but largely ignored, Kerberos for years.  As I'm now 
investigating doing things with it, and really liking what I'm seeing, 
I'm starting to wonder if there are any security guidelines about where 
it's safe to use Kerberos.

It's my (mis?)understanding that communications between Kerberos clients 
and the KDC are in the clear (but do not include the password), and that 
there is functionally no communication between a remote server and the KDC.

As such, I'm wondering if it would be relatively safe enough to use 
Kerberos to authenticate to a VPS in the cloud when both the client and 
KDC are on the LAN.  I think Kerberized SSH would be the only Kerberos 
related traffic across the Big Bad Internet to the VPS.  Is this correct?

Can anyone point me to some general reading that any/all Kerberos n00b 
should read?  (I've been following How-Tos and gotten a lot to work.)

Thank you in advance.



-- 
Grant. . . .
unix || die
