Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 2.1. Okay, I'm the administrator of a site, and I'd like to run Kerberos. What do I need to do? Next Document: 2.3. What programs/files need to go on each application server? See reader questions & answers on this topic! - Help others by sharing your knowledge You will need a dedicated machine to run the KDC on. The database stored on this machine is quite sensitive, if it's compromised your entire realm will be compromised. Therefore, this machine needs to be as secure as possible. Preferably it should not run any services other than the KDC. The secure-minded administrator might only allow logins on the console. This machine also has to be reliable. If it is down, you will not be able to use any Kerberized services unless you have also configured a slave server. Running the Kerberos server requires very little CPU power and a small amount of disk. An old PC with some hundreds of megabytes of free disk space should do fine. Most of the disk space will be used for various logs. Because the KDC has all of the keys for all of the principals in your realm, loss of the Kerberos database would require your entire realm to be rekeyed. Thus, backing up your Kerberos database is critical. However, precisely because the database contains all of your keys, you should treat backups of the KDC with the same security that you treat the KDC itself (in other words, don't leave the dump tapes lying around on your desk). User Contributions:Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000) Previous Document: 2.1. Okay, I'm the administrator of a site, and I'd like to run Kerberos. What do I need to do? Next Document: 2.3. What programs/files need to go on each application server? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: