[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: [bam: Re: ssh vs kerberos]
From: Philip Hands <phil () hands ! com>
Date: 1999-06-30 10:51:40
[Download RAW message or body]
Brian May <bam@snoopy.apana.org.au> writes:
> >If you want to do RSA-based authentication, you can do that, and try to
> >protect your private keys, but it's not necessary. If you choose to do
> >this, you can also limit the privilege of a given private key (for example,
> >by only allowing it to execute a particular command).
>
> True. I tend to think though that time limited tickets are more useful
> then command limited keys - who uses command limited keys? I would be
> interested in knowing useful applications, in areas where it increases
> security...
The push mirrors use them.
A push mirror admin can install the ``ftpsync'' script, without
trusting master, or any of it's users more than being willing to start
that script when asked to.
The worst that could be done is a DOS attempt by starting it fifty
times a second, and there are easier ways of doing DOSs, that don't
require you to break into master first.
Cheers, Phil.
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic