Le Mon, Sep 01, 2008 at 02:50:29PM +0200, Wouter Verhelst a écrit :
>
> This education could be done in two steps: first, create a policy and
> link to it from debian-devel-announce; second, make this required
> reading for the NM procedure (similar to the 'DMUP' and 'SC/DFSG'
> questions that NMs
On Mon, Sep 01, 2008 at 02:50:29PM +0200, Wouter Verhelst wrote:
> By setting the "GSSAPICleanupCredentials" option in sshd_config, the
> credentials cache is destroyed upon logout (this can also be done
> through the session component of libpam_krb5.so).
... but pam_krb5.so shouldn't be used for
On Sun, Aug 31, 2008 at 11:19:45AM +0200, Peter Palfrader wrote:
> On Sat, 30 Aug 2008, Steve Langasek wrote:
> > Well, the underlying premise here is, of course, that certain routinely
> > useful capabilities need to be taken out of the hands of the users because
> > they won't use them responsibl
On Sun, Aug 31, 2008 at 11:19:45AM +0200, Peter Palfrader wrote:
>On Sat, 30 Aug 2008, Steve Langasek wrote:
>
>> Having your inter-host file transfers sandboxed, such that you have to log
>> in to the host on each end in order to get the files copied to the place you
>> want them, would be a serio
On Sat Aug 30 16:43, Steve Langasek wrote:
> This is obviously an *incredibly* bad idea for anyone to do if they actually
> care about the security of the Debian systems. But we're already talking
> about hard policy changes to stop users from doing things they shouldn't do
> in the first place (=
On Sat, Aug 30, 2008 at 10:54:59PM -0700, Steve Langasek wrote:
> On Sun, Aug 31, 2008 at 01:16:32AM +0200, Bastian Blank wrote:
> > Negotiate auth does not provide confidentiality or integrity protection
> > different to the normal use of kerberos.
> Well, ok, but you're negotiating *authenticatio
On Sat, 30 Aug 2008, Steve Langasek wrote:
> Well, the underlying premise here is, of course, that certain routinely
> useful capabilities need to be taken out of the hands of the users because
> they won't use them responsibly[1].
> But we're alrea
On Sat, Aug 30, 2008 at 03:01:00PM -0700, Steve Langasek wrote:
> On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote:
> > > + once we have a krb realm we could maybe also use it for other
> > > stuff like all those web services that require logins. How
> > >
On Sun, Aug 31, 2008 at 01:16:32AM +0200, Bastian Blank wrote:
> On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote:
> > (for some infathomable reason, the firefox developers consider Negotiate
> > authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno
> > why that is,
On Sat, Aug 30, 2008 at 05:46:16PM +0200, Peter Palfrader wrote:
> > > What other options did we forget?
> > - Setup Kerberos, allow it as an additional ssh login variant
> Circumvents the entire idea behind this exercise: Assuming an attacker
> already has control over one host we want to make
On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote:
> (for some infathomable reason, the firefox developers consider Negotiate
> authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno
> why that is, and never saw a compelling argument...)
Negotiate auth does not provid
On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote:
> > + once we have a krb realm we could maybe also use it for other
> > stuff like all those web services that require logins. How
> > good is krb support in browsers these days?
> Pretty good. Konqueror
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
> - setup afs
>
> Using AFS would allow us to use a shared /afs/debian.org tree on all
> our systems. AFS does all the magic crypto stuff so you don't have to
> worry about Eve sniffing or Mallory tampering with packets.
>
>
On Sat, 30 Aug 2008, Bastian Blank wrote:
> > Or you use only resolvers that you have a trusted (i.e. ipsec)
> > connection to and those need to have a complete axfr'ed zone.
>
> Then we can drop the whole ud-ldap thing and use centralized
> authentication.
Um. I don't see why that follows. I
On Sat, Aug 30, 2008 at 05:46:16PM +0200, Peter Palfrader wrote:
> On Sat, 30 Aug 2008, Bastian Blank wrote:
> > On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
> > > The crypto stuff could be alleviated by using ipsec between all our
> > > servers. But that works even less we
[Trimming lists]
On Sat, 30 Aug 2008, Bastian Blank wrote:
> On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
> > - install sendfile/saft on all machines so you can do
> > sendfile foo.tar.gz [EMAIL PROTECTED]
> >
> > The crypto stuff could be alleviated by using ipsec betw
On Sat, Aug 30, 2008 at 03:16:01PM +0200, Bastian Blank wrote:
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
+ once we have a krb realm we could maybe also use it for other
stuff like all those web services that require logins. How
good is krb supp
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
> - install sendfile/saft on all machines so you can do
> sendfile foo.tar.gz [EMAIL PROTECTED]
>
> The crypto stuff could be alleviated by using ipsec between all our
> servers. But that works even less well than you'd expe
[Let's move this to debian-project since there is no
debian-admin-public-bikeshedding. I hope mutt doesn't eat my
Mail-Followup-To header.]
On Thu, 28 Aug 2008, Peter Palfrader wrote:
> > I generally avoid using password authentication to Debian hosts, *except* in
> > the particular case of scp'
19 matches
Mail list logo