Re: [Server-devel] Password-less authentication with moodle
On Sat, Oct 4, 2008 at 8:50 AM, Michael Stone [EMAIL PROTECTED] wrote: P.S. - You should send your mail to [EMAIL PROTECTED] as well since there are a number of interesting folks hanging out there who don't regularly frequent [EMAIL PROTECTED] It'll be fantastic if security+development minded people get familiar enough with the XS, its goals and tradeoffs to comment intelligently on the strategies we explore to use on the XS. But I'll decline any invite to treat security as a self-standing issue, which is what security@ is about. It's just not a balanced, smart or time-efficient way to discuss it. (You'll observer that I stay away from debian-legal as well :-) ). cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Password-less authentication with moodle
On Fri, Oct 3, 2008 at 7:22 PM, Andrés Ambrois [EMAIL PROTECTED] wrote: I am, together with Pablo Flores, working in preparing EduBlog for deployment in Ceibal (yay!). However, one of the big challenges ahead is deciding on the security infrastructure needed. So I've decided to consult the gurus at server-devel =) . Hola Andres! - What's your timeframe? - Are the Ceibal machines registering with the Ceibal servers in any way? The other real solution that comes to mind would be TLS (SSL), maybe using the DSA SSH key generated in first-boot? I believe this would involved modifying Browse to use that file, and also gathering the XOs public keys manually and add them to the server, which is a logistic nightmare. I hope I'm wrong in this, could you advise me? That is one of the paths we are exploring :-) with an additional tweak to the 'register' action that retrieves the self-signed cert of the server on the XO as a trusted cert, and gives the XS the cert of the XO. This of course needs a change in the register API - (minor) code changes on the XO core Sugar libs and in Browse. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Password-less authentication with moodle
Hola Martin! On Saturday 04 October 2008 09:22:11 Martin Langhoff wrote: On Fri, Oct 3, 2008 at 7:22 PM, Andrés Ambrois [EMAIL PROTECTED] wrote: I am, together with Pablo Flores, working in preparing EduBlog for deployment in Ceibal (yay!). However, one of the big challenges ahead is deciding on the security infrastructure needed. So I've decided to consult the gurus at server-devel =) . Hola Andres! - What's your timeframe? The timeframe for our project is 5 weeks starting from last Wednesday, in which I need to cover the interface (Moodle and Wordpress theming), course configuration, authentication, modifying Write to enable blog posting, and document all this for a manual. - Are the Ceibal machines registering with the Ceibal servers in any way? My understanding of the current security architecture in Ceibal is almost non-existent, as I'm not working in LATU, and it has been a black box for external developers. I realize this will seriously hamper any take at the authentication problem, but I guess it's clear that there's little I can accomplish in this sense from the timeframe above. However, I believe there will be someone exclusively working on the security of the system. I will make sure to point him/her to this thread on Monday when we meet. The other real solution that comes to mind would be TLS (SSL), maybe using the DSA SSH key generated in first-boot? I believe this would involved modifying Browse to use that file, and also gathering the XOs public keys manually and add them to the server, which is a logistic nightmare. I hope I'm wrong in this, could you advise me? That is one of the paths we are exploring :-) with an additional tweak to the 'register' action that retrieves the self-signed cert of the server on the XO as a trusted cert, and gives the XS the cert of the XO. This of course needs a change in the register API - (minor) code changes on the XO core Sugar libs and in Browse. I'm glad I wasn't that far off :). Are these required modifications documented somewhere? cheers, m -- -Andrés ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Password-less authentication with moodle
On Sun, Oct 5, 2008 at 5:29 AM, Andrés Ambrois [EMAIL PROTECTED] wrote: - What's your timeframe? The timeframe for our project is 5 weeks starting from last Wednesday, in which I need to cover the interface (Moodle and Wordpress theming), course configuration, authentication, modifying Write to enable blog posting, and document all this for a manual. Ouch - that's very tight! I'm glad I wasn't that far off :). Are these required modifications documented somewhere? Not yet. We're finishing off 0.5 - will be looking into this for 0.6 or 0.7, not too far away, unlikely to be done in the next 5 weeks either :-/ cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] DansGuardian (was What's cooking in the XS pot this week, (2008-10--01))
On Sat, Oct 4, 2008 at 4:42 AM, Greg Smith [EMAIL PROTECTED] wrote: If Bryan needs Dansguardian built in that's good enough for me. I take back what I said about it not being critical. Good enough for me too. It's not like we cannot imagine why this is needed :-) I'm still a bit ambivalent with regards to DG and how much of a good fit it is, so let's be clear - long term, what we want is a good quality content filter. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel