The intention with this section is to discuss various problems with Kerberos 5, so you can form a conscious decision how to deploy and use Shishi correctly in your organization.
* No encryption scheme with security proof. * No standardized API, and GSS mechanism lack important functionality. * Lack of authorization system. (krb5_kuserok()) * Host to realm mapping relies on insecure DNS or static configuration files. * Informational model and user database administration.