
My first few jobs as a Linux admin had me working under some very senior admins. In all of these cases Kerberos was set up for users to request a security token and gain access to company servers for a set amount of time.

Now that I have started working at a startup and have started to go to meetups revolving around DevOps and SRE type companies, I have noticed that most of these companies choose to use SSH keys, LDAP and some form of configuration management to determine who can access which servers. Most users just have passwordless SSH keys on their MacBooks. It's very insecure.

What makes the SSH key setup preferable to the Kerberos setup?

  • 2
    This is probably due to two reasons: 1) key auth is easier to set up and easier to manage on an always-changing fleet of servers, and 2) startups frequently use off-premise cloud servers that don't have access to the enterprise Kerberos system (if that exists at all). – EEAA Nov 07 '15 at 19:10
  • That said, key auth can be managed in such a way that is not all that much more insecure than Kerberos. Multi-factor authentication with a solid configuration management system to manage credentials gets you much of the way there. Sadly, many startups don't bother with much in terms of security. – EEAA Nov 07 '15 at 19:11
