[91199] in North American Network Operators' Group
Re: Best practices inquiry: tracking SSH host keys
daemon@ATHENA.MIT.EDU (Shumon Huque)
Sun Jul 9 14:40:22 2006
Date: Sun, 9 Jul 2006 14:39:50 -0400
From: Shumon Huque <shuque@isc.upenn.edu>
To: David Nolan <vitroth+@cmu.edu>
Cc: nanog@nanog.org
In-Reply-To: <390360000.1152281915@black-omega.net.cmu.edu>
Errors-To: owner-nanog@merit.edu
On Fri, Jul 07, 2006 at 10:18:35AM -0400, David Nolan wrote:
> --On Thursday, July 06, 2006 18:22:48 -0700 Jeremy Chadwick
> <nanog@jdc.parodius.com> wrote:
>
> >Speaking purely from a system administration point of view, Kerberos
> >is also a nightmare. Not only does the single-point-of-failure
> >induce red flags in most SAs I know (myself included),
>
> If a deployed kerberos environment has a single point of failure then its
> been deployed poorly. Kerberos has replication mechanisms to provide
> redundancy. The only think you can't replicate in K5 is the actual master,
> meaning that if the master is down you can't change passwords, create
> users, etc. While thats a single point of failure its not typically a
> real-time critical one.
Furthermore, it isn't impossible to design a multi-master Kerberos
service. I can think of a number of designs, but it would have to
be done carefully. I've heard people talking about this in the
past, but I haven't yet seen any implementations.
--Shumon.
