[4851] in Kerberos
Re: Dueling Books
daemon@ATHENA.MIT.EDU (David R Weisman)
Tue Mar 21 22:40:13 1995
To: kerberos@MIT.EDU
Date: Tue, 21 Mar 1995 23:40:16 GMT
From: weisman@world.std.com (David R Weisman)
Jonathan I. Kamens (jik@cam.ov.com) wrote:
: All of this is why the authentication server is supposed to be kept
: secure, with as few services running on it as possible, and with as few
: people allowed to log into it as possible, and preferably with those
: people only allowed to log into it over the network using
: Kerberos-authenticated connections.
This is clearly true. One site I know does keep their Kerberos machine
physically secure, but their sysadmins regularly telnet (non-Kerberized)
into that machine for routine maintenance. The machine's tape backups are
also not treated securely. I did point this out to them, but all I got was
a blank stare...
Go figure :-)
Dave