List:       linux-nfsv4
Subject:    Re: NFS4 and remote access
From:       "J. Bruce Fields" <bfields () fieldses ! org>
Date:       2007-04-18 20:17:30
Message-ID: 20070418201730.GB18150 () fieldses ! org

On Wed, Apr 18, 2007 at 09:14:33PM +0100, Ian Grant wrote:
> On Wed, 2007-04-18 at 16:03 -0400, Trond Myklebust wrote:
> > On Wed, 2007-04-18 at 20:45 +0100, Ian Grant wrote:
> > > Yes, we have had this working from within our own site, where we trust
> > > the machines we manage. I should have been more clear: I meant remote
> > > access from other institutions, cyber-cafes etc. where we cannot
> > > necessarily trust anything beyond the ssh session. We don't want the
> > > user typing kinit and entering their Kerberos key.
> > 
> > If you don't trust the keyboard that you are using to type with, then
> > you cannot enter _any_ passwords that could be reused. The only way to
> > deal with that would be use-once passwords (including for the ssh
> > session itself).
> 
> Yes. That is why we don't allow password-based ssh authentication. Just
> public keys.

So you're trusting their private ssh keys to the cybercafe machines that
they're logging on from?

--b.
_______________________________________________
NFSv4 mailing list
NFSv4@linux-nfs.org
http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4