On 3/25/19 2:16 AM, William Brown wrote:
* To servers
Use SSH key distribution in LDAP via SSSD.
Or better use (temporary) OpenSSH certificates.
Finally, it is my personal opinion (IE not the opinion of the
project
or my employer) that kerberos should be avoided as it introduces
complexity, fragility and high risk of lateral movement attacks.
Full ack.
Ciao, Michael.