Re: Going LDAP #2

To: Anders Magnusson <ragge%ludd.ltu.se@localhost>
Subject: Re: Going LDAP #2
From: Thor Lancelot Simon <tls%rek.tjls.com@localhost>
Date: Sat, 28 Jun 2008 19:44:53 -0400

On Sat, Jun 28, 2008 at 10:55:40PM +0200, Anders Magnusson wrote:
[I wrote]
> > I think that this is all quite architecturally wrong.  It should not be
> > done by pull -- much less by pull *as root* from the KDC -- it should be
> > done by push.
> > 
> Eh, are you complaining about how Kerberos works, or what?

No, I'm complaining about imposing one particular model of how to
configure Kerberos hosts on NetBSD users as the norm, when that model
is a particularly insecure one.

Long-lived cryptographic material such as host keys should be pushed
to clients in a secure environment, not pulled (worse, pulled by login
as root to the KDC!).

We started this discussion talking about scripts to replace the YP
client and server setup scripts we ship with NetBSD, presumably for
use by fairly naive system administrators.  I am simply concerned
that we not give them dangerous defaults.

-- 
Thor Lancelot Simon                                        
tls%rek.tjls.com@localhost
 "My guess is that the minimal training typically provided would only
 have given the party in question multiple new and elaborate ways to do
 something incomprehensibly stupid and dangerous."      -Rich Goldstone

Follow-Ups:
- Re: Going LDAP #2
  - From: Roland Dowdeswell

References:
- Re: Going LDAP #2
  - From: Thor Lancelot Simon
- Re: Going LDAP #2
  - From: Anders Magnusson
- Re: Going LDAP #2
  - From: Erik Berls
- Re: Going LDAP #2
  - From: Anders Magnusson
- Re: Going LDAP #2
  - From: Thor Lancelot Simon
- Re: Going LDAP #2
  - From: Anders Magnusson

Prev by Date: Re: Going LDAP #2
Next by Date: Re: Going LDAP #2
Previous by Thread: Re: Going LDAP #2
Next by Thread: Re: Going LDAP #2
Indexes:

Home | Main Index | Thread Index | Old Index