tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Going LDAP #2

On Sat, Jun 28, 2008 at 10:55:40PM +0200, Anders Magnusson wrote:
[I wrote]
> > I think that this is all quite architecturally wrong.  It should not be
> > done by pull -- much less by pull *as root* from the KDC -- it should be
> > done by push.
> > 
> Eh, are you complaining about how Kerberos works, or what?

No, I'm complaining about imposing one particular model of how to
configure Kerberos hosts on NetBSD users as the norm, when that model
is a particularly insecure one.

Long-lived cryptographic material such as host keys should be pushed
to clients in a secure environment, not pulled (worse, pulled by login
as root to the KDC!).

We started this discussion talking about scripts to replace the YP
client and server setup scripts we ship with NetBSD, presumably for
use by fairly naive system administrators.  I am simply concerned
that we not give them dangerous defaults.

Thor Lancelot Simon                               
 "My guess is that the minimal training typically provided would only
 have given the party in question multiple new and elaborate ways to do
 something incomprehensibly stupid and dangerous."      -Rich Goldstone

Home | Main Index | Thread Index | Old Index