Sven Luther [EMAIL PROTECTED] wrote:
There are two recent events which made me decide to write this mail, and
circumvent the ban, which is something which i have not done in over a year.
[...]
- [...someone] chose to use
my name in a contempting way, and nobody thought it worth to critic
[Let's move this to debian-project since there is no
debian-admin-public-bikeshedding. I hope mutt doesn't eat my
Mail-Followup-To header.]
On Thu, 28 Aug 2008, Peter Palfrader wrote:
I generally avoid using password authentication to Debian hosts, *except* in
the particular case of scp'ing
Hello,
Sven Luther was invited to the Extremadura event, and people in the
group was asked and nobody was uncomfortable with him, so we (mostly I
did) decided it was ok for him to come. After some time it looks like
there is some people arround that place by that time that it is not
comfortable
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
- install sendfile/saft on all machines so you can do
sendfile foo.tar.gz [EMAIL PROTECTED]
The crypto stuff could be alleviated by using ipsec between all our
servers. But that works even less well than you'd expect.
On Sat, Aug 30, 2008 at 03:16:01PM +0200, Bastian Blank wrote:
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
+ once we have a krb realm we could maybe also use it for other
stuff like all those web services that require logins. How
good is krb
[Trimming lists]
On Sat, 30 Aug 2008, Bastian Blank wrote:
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
- install sendfile/saft on all machines so you can do
sendfile foo.tar.gz [EMAIL PROTECTED]
The crypto stuff could be alleviated by using ipsec between all
On Sat, Aug 30, 2008 at 05:46:16PM +0200, Peter Palfrader wrote:
On Sat, 30 Aug 2008, Bastian Blank wrote:
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
The crypto stuff could be alleviated by using ipsec between all our
servers. But that works even less well than
On Sat, 30 Aug 2008, Bastian Blank wrote:
Or you use only resolvers that you have a trusted (i.e. ipsec)
connection to and those need to have a complete axfr'ed zone.
Then we can drop the whole ud-ldap thing and use centralized
authentication.
Um. I don't see why that follows. I don't
On 30/08/08 at 02:03 +0200, Sven Luther wrote:
- in a thread about some guy who chose to hide is name probably to
circumvent a similar ban than i am under, and accuse the debian governance
of all kind of evil acts, in maybe a clumsy way, Martin Shulze chose to use
my name in a contempting
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
- setup afs
Using AFS would allow us to use a shared /afs/debian.org tree on all
our systems. AFS does all the magic crypto stuff so you don't have to
worry about Eve sniffing or Mallory tampering with packets.
* Peter Palfrader:
What other options did we forget?
Modern NFS over IPsec to a central file server. However, less than
stellar bandwidth at the Debian servers requires really, really modern
NFS with persistent caching.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote:
+ once we have a krb realm we could maybe also use it for other
stuff like all those web services that require logins. How
good is krb support in browsers these days?
Pretty good. Konqueror
On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote:
(for some infathomable reason, the firefox developers consider Negotiate
authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno
why that is, and never saw a compelling argument...)
Negotiate auth does not provide
On Sat, Aug 30, 2008 at 05:46:16PM +0200, Peter Palfrader wrote:
What other options did we forget?
- Setup Kerberos, allow it as an additional ssh login variant
Circumvents the entire idea behind this exercise: Assuming an attacker
already has control over one host we want to make it as
Bastian Blank [EMAIL PROTECTED] writes:
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
- AFS suffers from the not-a-filesystem syndrome: file access
control is not unix-like and will confuse users.
Also other parts are not really POSIX-like. Hardlinks or
Wouter Verhelst [EMAIL PROTECTED] writes:
(for some infathomable reason, the firefox developers consider Negotiate
authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno
why that is, and never saw a compelling argument...)
Well, having your browser spontaneously authenticate
On Sun, Aug 31, 2008 at 01:16:32AM +0200, Bastian Blank wrote:
On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote:
(for some infathomable reason, the firefox developers consider Negotiate
authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno
why that is, and
17 matches
Mail list logo
