Quoting Petter Reinholdtsen (2013-09-03 08:08:00) > [Jonas Smedegaard] > > I am still unfamiliar with exmachina, but seems to me that its > > purpose is to handle execution of cross-account yet same-host, > > whereas purpose of remctl seems to be remote-host execution. > > Yes. > > > Seems wrong for me to expect non-technical users of some "black box" > > to be in possesion of Kerberos-enabled systems needed for > > controlling their box. > > My idea was to use Kerberos also locally using a keytab file to store > the password (instead of the current approach, which is storing the > password in some home made mechanism), while providing two extra and > useful services - kerberos and remctl. > > Part of the reason was that exmachina isn't used anywhere else, and do > not seem to get much upstream attention, which made me worry about the > sustainability of the solution. > > A few days ago I wrote to Bryan Newbold about merging rules to make a > Debian package: > > [Petter Reinholdtsen] > > Hi. I just made a branch with the changes needed to create a deb of > > exmachina, to make it easier to set up a freedombox using deb > > packages. Please have a look at <URL: > > http://gitorious.org/exmachina/petterreinholdtsens-exmachina > and > > consider including it in the "official" version of exmachina. > > I got this fairly surprising reply (checked with him if it was OK to > quote him here :): > > [Bryan Newbold] > > There is no "official" version of exmachina, it was only a thought > > experiment to solicit feedback. I have removed the repository from > > github to prevent future use of the example code; you are of course > > welcome to re-implement the concept, though I never received enough > > feedback to convince myself that it was a good idea. > > So the "upstream" repository is gone, and the source now live in a > brach with Nick and me, I guess. :) > > I suspect we are better of finding some alternative, preferably > something also used elsewhere. :)
Fully acknowledged. Regarding use of remctl for this, that sounds heavyweight to me. Why is password storage needed at all? If this is about providing trusted access from a web interface to changing config files, then it seems to me with *any* trust-gaining method that the real issue is in limiting how big a door we leave open, and seems to me we don't need Kerberos at all. What I am thinking is a CGI interface run as an isolated user (e.g. via uwsgi or apache2-suexec) talking to debconf. I don't see how Kerberos kan strengthen security - only complicate the setup adding amount of potential attack vectors. For a GeekBox I would find it a quite interesting approach to use remctl - but not for a FreedomBox (i.e. a box for non-geeks with no sysadmin). - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
_______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss