> > The way our Kerberos implementation is done, it does *not* validate
> > the server, just the client. If you want server
> verification, you must
> > use a combination of both Kerberos and SSL.
>
> Eh? We use mutual authentication in Kerberos...
We do? That's good then :-) I was told by someone that we don't. Never
really checked into it, since all my installations already use SSL for
that. So, I'll retract my comment ;)
//Magnus
