[OpenAFS-devel] Multi-Realm Kerberos Support in 1.4.x
Atro Tossavainen
atro.tossavainen+openafs@helsinki.fi
Tue, 23 Sep 2008 21:19:09 +0300 (EEST)
> We own and run both the MIT KDCs and the AD infrastructure so that
> won't be a problem,
You're making the bold assumption that there are no fatal flaws in either.
Now I might trust either one in isolation (as there is relatively little
else you can do...) but I would seriously think twice about granting
access to the native Kerberos services based on AD even if you're
nominally in control of both.
--
Atro Tossavainen (Mr.) / The Institute of Biotechnology at
Systems Analyst, Techno-Amish & / the University of Helsinki, Finland,
+358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own.
< URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS