[Freedombox-discuss] Kerberos and remctl instead of exmachina?

Jonas Smedegaard dr at jones.dk
Tue Sep 3 09:28:43 UTC 2013


Quoting Petter Reinholdtsen (2013-09-03 09:57:58)
> [Jonas Smedegaard]
> >> I suspect we are better off finding some alternative, preferably 
> >> something also used elsewhere. :)
> > 
> > Fully acknowledged.
> 
> The issue at hand is to find a good alternative.  sudo might do.
> remctl might do.  Even nrpe (nagios remote execution) would work. :)
> 
> > Regarding use of remctl for this, that sounds heavyweight to me. Why 
> > is password storage needed at all?  If this is about providing 
> > trusted access from a web interface to changing config files, then 
> > it seems to me with *any* trust-gaining method that the real issue 
> > is in limiting how big a door we leave open, and seems to me we 
> > don't need Kerberos at all.
> 
> I did not say password storage is needed, I just observed that it 
> seems to be done today, and it could be done in a standard and well 
> proven way using kerberos keytab files too.

Let me try to rephrase: Why use a mechanism more complex than e.g. sudo to 
govern crossing boundaries of access rights?

If Kerberos is used only to issue tickets automatically based on 
user-id, then I see no benefit of that mechanism.

If Kerberos is used also for authenticating human users of FreedomBox, 
how do you then imagine making that dead user-friendly?


> I just happen to like Kerberos, and believe it is a good thing to have 
> around in any computing environment, and also know how to set it up 
> automatically thanks to our experience in Debian Edu. :)

I like Kerberos.  But it is not on my list of things I want in _every_ 
computing environment.  Not even the Linux kernel belongs everywhere - 
but also without splitting hairs, I don't think Kerberos belongs in all 
Debian systems.  But I might simply miss something obvious here - I am a 
newbie in Kerberos.


> > What I am thinking is a CGI interface run as an isolated user (e.g. 
> > via uwsgi or apache2-suexec) talking to debconf.  I don't see how 
> > Kerberos can strengthen security - only complicate the setup, adding 
> > to the amount of potential attack vectors.
> 
> Kerberos would not strengthen security - it is not why I propose it. 
> It would increase the usefulness of the freedombox (being a Kerberos 
> authentication service) while bringing our selected solutions more in 
> line with solutions used elsewhere.

How would it increase usefulness for the target users of FreedomBox?

...or do you imply a wider userbase?


> Anyone know how arkos is doing this?  It seems to have several of the 
> same design issues as our plans for the freedombox.

I am curious about that too.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private