Peter Jordan <usernetw...@gmx.info> writes: > It is not my decission to isolate kerberos. > > Is it safe to open kerberos for the world?
It's not clear that anyone on this list can answer that question since it depends on what "safe" and "kerberos" mean in the context of your organization. The meaning of "safe" is defined by the organizational security policy and the meaning of "kerberos" will depend on which implementation has been used. For example there seems to be a school of thought amongst certain deployers of Active Directory (a component of which is a kerberos KDC) that it should not be exposed more widely than strictly necessary. There are however plenty of deployments of Heimdal and MIT KDCs that are exposed to the world and, incidentally, derive much advantage by so doing. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
