[Freedombox-discuss] Kerberos and remctl instead of exmachina?
Jonas Smedegaard
dr at jones.dk
Sun Sep 1 18:08:39 UTC 2013
Quoting Petter Reinholdtsen (2013-09-01 14:16:56)
> Hi. Would it be an idea to provide Kerberos authentication in
> freedombox, and use remctl instead of exmachina for root execution?
>
> The exmachina source seem to be fairly new and unproven, while remctl
> is already used in production at Stanford, see <URL:
> http://www.eyrie.org/~eagle/journal/2013-08/003.html > for a blog post
> about this usage. Kerberos have the advantage of never sending the
> password over the net, and providing support for single sign on for
> services that support it.
I am still unfamiliar with exmachina, but seems to me that its purpose
is to handle execution of cross-account yet same-host, whereas purpose
of remctl seems to be remote-host execution.
Seems wrong for me to expect non-technical users of some "black box" to
be in possesion of Kerberos-enabled systems needed for controlling their
box.
...but I suspect I am simply missing something obvious here...
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130901/57887292/attachment.sig>
More information about the Freedombox-discuss
mailing list