>>>>> "EC" == Ed Carp <erc@stripped> writes:
>> I made a small change in mysql to use a Kerberos ticket instead of a
>> password; in this way you can resolve the security problem from the
>> PAM module and DB server ...
EC> Kerberos is inherently insecure, and I think Fred Cohen actually has a
EC> working exploit. Might want to think about using SSH instead.
I doubt it is _inherently_ insecure. I did a lot of research on the
Kerberos v4 protocols back in gradual school and the protocols don't
seem to have any major weaknesses. The implementation may be
insecure, but that's a whole different issue.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera@stripped Rockville, MD +1-301-545-6996
PGP & MIME spoken here http://www.kciLink.com/home/khera/