tech-security archive
Re: Going LDAP #2
On Sat, Jun 28, 2008 at 09:53:13PM +0200, Anders Magnusson wrote:
> Erik Berls wrote:
> > On Wed, Jun 18, 2008 at 11:54 AM, Anders Magnusson
> > <ragge%ludd.ltu.se@localhost> wrote:
> >> Thor Lancelot Simon wrote:
> >>> On Mon, May 26, 2008 at 08:01:54PM +0200, Anders Magnusson wrote:
> >>>
> >>>> xxinit -c (client)
> >>>> - Asks about the master machine and root password for it.
> >>>> This will get the configuration for the domain out
> >>>> of ldap and fetch a machine key.
> >>>>
> >>> What is the "it" here? If "it" means the master machine, so the LDAP
> >>> server and KDC's root password would have to be entered into each client
> >>> when that client is initialized, I really, *really* don't like this.
> >>>
> >> This should be read "principal that can extract a host keytab" for the
> >> client.
> >> Which may or may not be root, depending of how the system is configured.
> >
> > Can we make it really, really difficult to be root? This seems like a
> > pretty easy default to set as non-root (and document as such). Am I
> > missing something?
> >
> No, but I think that whether or not to use the root account to fetch
> machine keys etc. should be left as a decision by the administrator.

I think that this is all quite architecturally wrong. It should not be
done by pull -- much less by pull *as root* from the KDC -- it should be
done by push.
Thor
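The push model Thor argues for, as an added example that is not part of the thread and not NetBSD project code: a sketch of provisioning a host keytab from the KDC side, so that the client never holds a KDC credential (root or otherwise). It assumes a Heimdal KDC (as NetBSD ships), that the operator runs `kadmin -l` through sudo on the KDC host, and that a non-root provisioning account on the client (placeholder `provision`) can install the file with sudo; the realm `EXAMPLE.ORG` is a placeholder.

```shell
#!/bin/sh
# Push-model host keytab provisioning (added example, not from the thread).
# Assumptions: Heimdal KDC, operator can run "kadmin -l" via sudo on the KDC
# host, and an ssh-reachable provisioning account on each client that may
# install the keytab with sudo. REALM and TARGET_USER are placeholders.

set -eu

REALM="${REALM:-EXAMPLE.ORG}"            # placeholder realm
TARGET_USER="${TARGET_USER:-provision}"  # placeholder non-root account on the client

# Validate an FQDN before embedding it in a principal name: a name containing
# '/', '@' or whitespace would silently change which principal is created.
valid_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# Derive the host principal for a client, e.g. host/client1.example.org@EXAMPLE.ORG
host_principal() {
    valid_fqdn "$1" || { echo "bad hostname: $1" >&2; return 1; }
    printf 'host/%s@%s\n' "$1" "$REALM"
}

# Create the host principal with a random key, extract its keytab on the KDC
# side, then push it to the client. Only the KDC side authenticates to the
# client; the client is never given a principal that can read KDC secrets.
push_host_keytab() {
    fqdn="$1"
    princ=$(host_principal "$fqdn")
    tmp=$(mktemp) || return 1
    trap 'rm -f "$tmp"' EXIT

    sudo kadmin -l add --random-key --use-defaults "$princ"
    sudo kadmin -l ext_keytab -k "$tmp" "$princ"
    sudo chown "$(id -un)" "$tmp"

    # Stage under the provisioning account, then install root-owned, mode 0600.
    scp -q "$tmp" "$TARGET_USER@$fqdn:/tmp/krb5.keytab.new"
    ssh "$TARGET_USER@$fqdn" \
        'sudo install -o root -g wheel -m 0600 /tmp/krb5.keytab.new /etc/krb5.keytab && rm -f /tmp/krb5.keytab.new'
}

# Usage: push-keytab.sh client1.example.org client2.example.org ...
if [ "${1:-}" ]; then
    for h in "$@"; do push_host_keytab "$h"; done
fi
```

The key property is where the long-lived credential lives: in the pull design from the thread, every client must be handed a principal able to extract keytabs, so a compromised client can mint keys for any host; here the client only ever receives its own `host/` key, and the KDC operator's credential never leaves the KDC.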