[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-devel
Subject:    Re: [bam: Re: ssh vs kerberos]
From:       Philip Hands <phil () hands ! com>
Date:       1999-06-30 10:51:40
[Download RAW message or body]

Brian May <bam@snoopy.apana.org.au> writes:

> >If you want to do RSA-based authentication, you can do that, and try to
> >protect your private keys, but it's not necessary.  If you choose to do
> >this, you can also limit the privilege of a given private key (for example,
> >by only allowing it to execute a particular command).
> 
> True. I tend to think though that time limited tickets are more useful
> then command limited keys - who uses command limited keys? I would be
> interested in knowing useful applications, in areas where it increases
> security...

The push mirrors use them.

A push mirror admin can install the ``ftpsync'' script, without
trusting master, or any of it's users more than being willing to start
that script when asked to.

The worst that could be done is a DOS attempt by starting it fifty
times a second, and there are easier ways of doing DOSs, that don't
require you to break into master first.

Cheers, Phil.


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

[prev in list] [next in list] [prev in thread] [next in thread]