Re: transferring files between *.debian.org hosts (was: people.debian.org to move to ravel)
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
> - set up afs
>
> Using AFS would allow us to use a shared /afs/debian.org tree on all
> our systems. AFS does all the magic crypto stuff so you don't have to
> worry about Eve sniffing or Mallory tampering with packets.
>
> Setting up AFS is a big chunk of work. It would require us first to
> set up a kerberos realm, to integrate it into ud-ldap so that new krb
> principals are created with ud-ldap users, and that ud-ldap users can
> set krb passwords, which probably should be different from their ldap
> password.
>
> On the user side once logged in you'd have to get a kerberos ticket
> using your krb password, then alog to get access to your
> /afs/debian.org/transfer/$user or whatever.
>
> We will not put homedirs onto AFS (that would completely torpedo the
> initial goal), it would simply provide a transfer area.
>
> pros: + AFS is cool

That's never been a very good reason, IMO. But, hey, I won't deny it,
either ;-)

> + once we have a krb realm we could maybe also use it for other
> stuff like all those web services that require logins. How
> good is krb support in browsers these days?

Pretty good. Konqueror supports it out of the box, iceweasel only
requires you to edit the 'network.negotiate-auth.trusted-uris'
about:config variable, and then it works well, too. Dunno about other
browsers.

(for some unfathomable reason, the firefox developers consider Negotiate
authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno
why that is, and never saw a compelling argument...)
--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22