[19190] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

kadmin security requirements

daemon@ATHENA.MIT.EDU (Brian Minard)
Sun May 4 10:40:33 2003

Date: Sun, 4 May 2003 10:34:07 -0400
From: Brian Minard <bminard@flatfoot.ca>
To: kerberos@mit.edu
Message-ID: <20030504143407.GA8617@spud.flatfoot.ca>
Mime-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Errors-To: kerberos-bounces@mit.edu

Hello,

I'm curious about an answer in the FAQ which discusess the
administration server.  The answer to question 1.14, says
(in part):

  In most Kerberos implementations there is also an administration
  server which allows remote manipulation of the Kerberos database.
  This administration server usually runs on the KDC.

I'm unclear on a couple of issues arising from these statements.

  (a) are the security requirements for the administration server
  the same as those for the KDC?

  (b) what is considered the best practice for these servers--should
  they reside on the same machine, different machines, or should the
  administration server be turned off?

Thanks,
Brian
-- 
Brian Minard
bminard@flatfoot.ca
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[19190] in Kerberos

kadmin security requirements

daemon@ATHENA.MIT.EDU (Brian Minard)Sun May 4 10:40:33 2003

daemon@ATHENA.MIT.EDU (Brian Minard)
Sun May 4 10:40:33 2003