Re: Identity (SSH Key) Management in Linux



> What's practical for the slightly overprotective home user behind a
> firewall and providing "always on" content/services to random internet
> users? Is "trust the firewall completely" "good enough" to use
> convenient, lax policies inside the firewall?

Pretty much, IMHO.  If you really wanna put the keys in a central
repository, I like Jeff's suggestion of using an LDAP DB (or some other
easily replicable DB system, like MySQL) with a live replica and a
periodic removable archive.

I don't like the idea of storing all keys in any single place at all,
personally, that just seems to be screaming out for abuse.  If you start
putting home directories on a central network file server (not
specifically NFS, though) or partition, and symlink in the distro-specific
parts of the directory, then you can leave the keys in the "common" part
of the home directories.  I guess that's not really much more secure than
putting them in the user's LDAP entry as an extra attribute, but it feels
that way... :)

--Danny, mostly just musing...


