My requirements for the alfs authentication protocol, please comment.

1. At all times, the client must be sure that it is talking to a specific server and not to some other random machine which merely looks like this server and seems to have the same IP/hostname. (Identification.)

2. At all times, the server must be sure both that it is talking to its *one and only* client *and* that behind this client is its *one and only* administrator (authorization). In particular, given that whoever manages to impersonate the client/admin combination in effect gets unlimited privileges on *all* the servers, this must be *much* harder to accomplish than impersonating the server.

3. For this protocol to be convenient enough for its typical use case (one client, multiple servers), there must be a *single* authentication token authenticating the client to all servers. I.e., the admin should not be forced to supply a different password for each server. More generally, the amount of authentication resources (passwords, keys, certificates, whatever) per machine must be kept to a bare minimum.

4. The protocol must be based on existing solutions as much as possible, in order to be implementable. We don't want to reinvent TLS, as I don't think we would improve on it. On the other hand, we want to keep the number of external dependencies as small as possible (most probably, at most one).

5. Some users, in some cases, may use this protocol over slow lines (e.g., it has happened several times that I have had to do administration work on the lab machines (alfs servers) from my laptop at home, through a lousy 56k (God help me if it's even 56k!) dialup). So, reducing latency and keeping round trips to a minimum is a *good thing*, though I realise that this requirement has the lowest priority.

Thanks,
Pantelis

-- 
http://linuxfromscratch.org/mailman/listinfo/alfs-discuss
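One way the five requirements above fit together on top of plain TLS, as an added example in Go that is not part of the original post and not alfs code. Each server has its own self-signed key and pins exactly one client public key (requirement 2); the client holds one key for every server and pins each server's public key by SPKI hash instead of trusting a CA or the hostname (requirements 1 and 3); everything comes from the Go standard library (requirement 4); and the server enforces TLS 1.3, whose handshake completes in one round trip (requirement 5). The function names `selfSigned`, `spkiPin`, `pinCheck`, `startServer` and `adminConnect`, the server names `lab1`/`lab2` and the loopback addresses are all assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSigned makes a self-signed Ed25519 identity (hypothetical helper, not alfs
// code); the same shape serves every server and the single admin/client.
func selfSigned(cn string) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand.Reader does not fail
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// spkiPin is the hex SHA-256 of the SubjectPublicKeyInfo: the identity each
// side pins, independent of hostname, IP address or any CA.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// pinCheck builds a VerifyPeerCertificate callback that accepts exactly one key;
// crypto/tls has already parsed raw[0] successfully before calling it.
func pinCheck(want string) func([][]byte, [][]*x509.Certificate) error {
	return func(raw [][]byte, _ [][]*x509.Certificate) error {
		c, err := x509.ParseCertificate(raw[0])
		if err == nil && spkiPin(c) != want {
			err = fmt.Errorf("peer key %s... does not match pin", spkiPin(c)[:8])
		}
		return err
	}
}

// startServer listens on loopback and admits only the pinned admin key.
func startServer(serverID tls.Certificate, adminPin string) (net.Listener, error) {
	cfg := &tls.Config{
		MinVersion:            tls.VersionTLS13, // 1-RTT handshake
		Certificates:          []tls.Certificate{serverID},
		ClientAuth:            tls.RequireAnyClientCert,
		VerifyPeerCertificate: pinCheck(adminPin),
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			conn, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) { // handshake runs on first write; a bad key fails there
				defer c.Close()
				c.Write([]byte("ok " + serverID.Leaf.Subject.CommonName))
			}(conn)
		}
	}()
	return ln, nil
}

// adminConnect dials with the one admin key and refuses any server whose key is
// not serverPin; the server rejecting our key surfaces as a read error.
func adminConnect(addr, serverPin string, admin tls.Certificate) (string, error) {
	cfg := &tls.Config{
		Certificates:          []tls.Certificate{admin},
		InsecureSkipVerify:    true, // CA and hostname checks are replaced by the pin
		VerifyPeerCertificate: pinCheck(serverPin),
	}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	reply, err := io.ReadAll(conn)
	return string(reply), err
}

func main() {
	admin, srv := selfSigned("admin"), selfSigned("lab1")
	ln, _ := startServer(srv, spkiPin(admin.Leaf)) // each server pins the one admin key
	fmt.Println(adminConnect(ln.Addr().String(), spkiPin(srv.Leaf), admin))
	ln.Close()
}
```

The per-machine state is one key pair plus a short list of pins: each server stores the admin's pin, the client stores one pin per server. Those pins have to be exchanged out of band when a server is installed, which is an assumption of this design rather than something the post specifies. Requirement 2 (client impersonation must be much harder than server impersonation) is not something the protocol can deliver on its own; it comes down to how the single admin private key is stored on the laptop, for example under a passphrase or on a hardware token, since anyone holding that key is the admin to every server.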
