[29027] in Kerberos


Re: Heimdal KDC, Windows XP and local users

daemon@ATHENA.MIT.EDU (Javier Palacios)
Mon Jan 14 07:38:47 2008

Message-ID: <a64bf030801140438y17abe645s54d81e942a51d490@mail.gmail.com>
Date: Mon, 14 Jan 2008 13:38:05 +0100
From: "Javier Palacios" <javiplx@gmail.com>
To: volkmar.glauche@uniklinik-freiburg.de
In-Reply-To: <1200312520.5134.30.camel@nz23161.ukl.uni-freiburg.de>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

> > You don't need two databases. Both Heimdal and MIT current versions
> > allow LDAP as "database" for credentials so you have a single
> > database. I've not used MIT, but I've been using heimdal-ldap for a
> > long time without problems.
>
> This is true. I'm doing the same with Heimdal as you. But if there are
> security concerns about storing Kerberos credentials in LDAP, then you
> need 2 databases. A KDC doesn't store other things than credentials in
> its native database.

Having encrypted keys (mkey_file) and strict ACLs for LDAP access
covers online and backup security. And as root can read everything,
that's enough for me.

Javier Palacios
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
