Re: [bam: Re: ssh vs kerberos]
Brian May <bam@snoopy.apana.org.au> writes:
> >If you want to do RSA-based authentication, you can do that, and try to
> >protect your private keys, but it's not necessary. If you choose to do
> >this, you can also limit the privilege of a given private key (for example,
> >by only allowing it to execute a particular command).
>
> True. I tend to think though that time limited tickets are more useful
> then command limited keys - who uses command limited keys? I would be
> interested in knowing useful applications, in areas where it increases
> security...
The push mirrors use them.
A push mirror admin can install the ``ftpsync'' script, without
trusting master, or any of it's users more than being willing to start
that script when asked to.
The worst that could be done is a DOS attempt by starting it fifty
times a second, and there are easier ways of doing DOSs, that don't
require you to break into master first.
Cheers, Phil.
Reply to: