[Freedombox-discuss] Kerberos and remctl instead of exmachina?

[Petter Reinholdtsen]

[Jonas Smedegaard]
>> I suspect we are better of finding some alternative, preferably 
>> something also used elsewhere. :)
> 
> Fully acknowledged.

The issue at hand is to find a good alternative.  sudo might do.
remctl might do.  Even nrpe (nagios remote execution) would work. :)

> Regarding use of remctl for this, that sounds heavyweight to me.
> Why is password storage needed at all?  If this is about providing
> trusted access from a web interface to changing config files, then
> it seems to me with *any* trust-gaining method that the real issue
> is in limiting how big a door we leave open, and seems to me we
> don't need Kerberos at all.

I did not say password storage is needed, I just observed that it is
seem to be done today, and it could be dome in a standard and well
proven way using kerberos keytab files too.

I just happen to like Kerberos, and believe it is a good thing to have
around in any computing enviroment, and also know how to set it up
automatically thanks to our experience in Debian Edu. :)

> What I am thinking is a CGI interface run as an isolated user
> (e.g. via uwsgi or apache2-suexec) talking to debconf.  I don't see
> how Kerberos kan strengthen security - only complicate the setup
> adding amount of potential attack vectors.

Kerberos would not strengthen security - it is not why I propose it.
It would increase the usefulness of the freedombox (being an Kerberos
authentication service) while bringing our selected solutions more in
line with solutions used elsewhere.

Anyone know how arkos is doing this?  It seem to have several of the
same design issues as our plans for the freedombox.

-- 
Happy hacking
Petter Reinholdtsen