Re: Going LDAP #2

[Anders Magnusson <ragge%ludd.ltu.se@localhost>]

Thor Lancelot Simon wrote:
> On Sat, Jun 28, 2008 at 09:53:13PM +0200, Anders Magnusson wrote:
>> Erik Berls wrote:
>>> On Wed, Jun 18, 2008 at 11:54 AM, Anders Magnusson 
>>> <ragge%ludd.ltu.se@localhost> wrote:
>>>> Thor Lancelot Simon wrote:
>>>>> On Mon, May 26, 2008 at 08:01:54PM +0200, Anders Magnusson wrote:
>>>>>
>>>>>>         xxinit -c (client)
>>>>>>                 - Asks about the master machine and root password for it.
>>>>>>                   This will get the configuration for the domain out
>>>>>>                   of ldap and fetch a machine key.
>>>>>>
>>>>> What is the "it" here?  If "it" means the master machine, so the LDAP
>>>>> server and KDC's root password would have to be entered into each client
>>>>> when that client is initialized, I really, *really* don't like this.
>>>>>
>>>> This should be read "principal that can extract a host keytab" for the
>>>> client.
>>>> Which may or may not be root, depending of how the system is configured.
>>> Can we make it really, really difficult to be root?  This seems like a
>>> pretty easy default to set as non-root (and document as such).  Am I
>>> missing something?
>>>
>> No, but I think that whether or not to use the root account to fetch
>> machine keys etc. should be left as a decision by the administrator.
> 
> I think that this is all quite architecturally wrong.  It should not be
> done by pull -- much less by pull *as root* from the KDC -- it should be
> done by push.
> 
Eh, are you complaining about how Kerberos works, or what?

-- R