[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Identity (SSH Key) Management in Linux

> What's practical for the slightly overprotective home user behind a
> firewall and providing "always on" content/services to random internet
> users? Is "trust the firewall completely" "good enough" to use
> convenient, lax policies inside the firewall?

Pretty much, IMHO.  If you really wanna put the keys in a central
repository, I like Jeff's suggestion of using an LDAP DB (or some other
easily replicable DB system, like MySQL) with a live replica and a
periodic removable archive.

I don't like the idea of storing all keys in any single place at all,
personally, that just seems to be screaming out for abuse.  If you start
putting home directories on a central network file server (not
specifically NFS, though) or partition, and symlink in the distro-specific
parts of the directory, then you can leave the keys in the "common" part
or the home directories.  I guess that's not really much more secure than
putting them in the user's LDAP entry as an extra attribute, but it feels
that way... :)

--Danny, mostly just musing...

To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.