nanog mailing list archives
Re: Best practices inquiry: tracking SSH host keys
From: sandy () tislabs com
Date: Fri, 7 Jul 2006 13:27:47 -0400 (EDT)
If a deployed Kerberos environment has a single point of failure then it's been deployed poorly. Kerberos has replication mechanisms to provide redundancy.
This concentrates on the "what if it fails" worst case scenario of a single point of failure. This doesn't answer the "what if it is subverted" worst case scenario of a single point of failure. (Other posters have noted the requirement to lock down the Kerberos server tightly, but seemingly more with a view to keeping the server functioning, rather than keeping its data safe from exposure and corruption. The lock down mechanisms probably do both, but you need to keep both views in mind.)
--Sandy