is it safe to put KDC into DMZ? - Kerberos

This is a discussion on is it safe to put KDC into DMZ? - Kerberos ; Hi, Just wanted to know if it is safe to put a KDC-Server into DMZ? TIA Herbert ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos...

+ Reply to Thread
Results 1 to 2 of 2

Thread: is it safe to put KDC into DMZ?

  1. is it safe to put KDC into DMZ?

    Hi,

    Just wanted to know if it is safe to put a KDC-Server into DMZ?

    TIA
    Herbert


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos

  2. Re: is it safe to put KDC into DMZ?

    Herbert Steininger wrote:
    > Hi,
    >
    > Just wanted to know if it is safe to put a KDC-Server into DMZ?
    >
    > TIA
    > Herbert

    Kerberos is designed to be the authentication service that clients
    will use to obtain access to the rest of the services within your
    infrastructure. As such it must be accessible to the clients in
    order for it to perform its job.

    Adding a proxy service in front of the KDC would not add any additional
    security but does increase the amount of code that would need to be
    audited to prevent against attacks.

    Whether you decide to place your KDC in the DMZ is a decision that
    must be made based upon a risk assessment of your organization's
    infrastructure. However, it is the intent of the designers that making
    access to the KDC publicly available should be safe.

    Jeffrey Altman
    Secure Endpoints Inc.
+ Reply to Thread
« Syntax error in profile relation | re: Kerberos fails to unwrap a jgss token - BUG-ID: 4868429 »