Re: Nessusd authentication
> - An open auth protocol frame on top of the current one for the
> user authentication. It should support several authentication
> schemes (login/passwd, challenge/response, etc?)
GSSAPI. It's a generic interface that already has S/Key and
Kerberos 5 implementations. It makes a *lot* more sense (IMHO)
to add additional bindings to GSSAPI than to define yet another
protocol.
> If I understood Renaud right, he is planning to set up communication
> between nessus servers for some reason. So we need at least an
> abstract authentication scheme that allows us to view another nessus
> server as user that has to be authenticated.
Check out Kerberos4 (at nonus.debian.org). The MIT (US-only) version
doesn't have GSSAPI bindings for Kerberos 4, but maybe the kth version
does. In any case, it will show you what a mature authentication
service has.
BTW, the standard Kerberos principals for this would be:
user/nessus@REALM -- user authorized to run Nessus
nessus/fqdn@REALM -- host running Nessusd
Nessusd could be set up to accept either form of principal.
Bear Giles
bgiles@coyotesong.com
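The two principal forms named in the message above, as an added example that is not part of the original post or of Nessus: a sketch of the acceptance check a server could run on a principal name after the Kerberos/GSSAPI layer has authenticated it. The function and enum names, the realm EXAMPLE.ORG and the "instance contains a dot" test for a host name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum peer_kind { PEER_REJECT = 0, PEER_USER, PEER_SERVER };

/* Classify a principal name that the Kerberos/GSSAPI layer has ALREADY
 * authenticated. Hypothetical helper; `realm` is the one realm we trust. */
enum peer_kind classify_principal(const char *name, const char *realm)
{
    char buf[256];
    size_t len = strlen(name);

    if (len == 0 || len >= sizeof buf) return PEER_REJECT;
    /* Backslash-escaped separators are legal in principal names;
     * refuse them outright instead of risking a mis-split. */
    if (strchr(name, '\\')) return PEER_REJECT;
    memcpy(buf, name, len + 1);

    char *at = strrchr(buf, '@');
    if (!at || strcmp(at + 1, realm) != 0) return PEER_REJECT; /* realms are case-sensitive */
    *at = '\0';
    if (strchr(buf, '@')) return PEER_REJECT;

    char *slash = strchr(buf, '/');
    if (!slash || strchr(slash + 1, '/')) return PEER_REJECT; /* exactly two components */
    *slash = '\0';
    const char *primary = buf, *instance = slash + 1;
    if (*primary == '\0' || *instance == '\0') return PEER_REJECT;

    /* nessus/fqdn form. Assumption: an instance containing a dot is a host
     * name. Checked first so "nessus/nessus" matches neither form. */
    if (strcmp(primary, "nessus") == 0)
        return strchr(instance, '.') ? PEER_SERVER : PEER_REJECT;
    if (strcmp(instance, "nessus") == 0)
        return PEER_USER;
    return PEER_REJECT;
}

int main(void)
{
    /* Constructed sample principals. */
    const char *samples[] = { "alice/nessus@EXAMPLE.ORG",
        "nessus/scanner1.example.org@EXAMPLE.ORG", "alice@EXAMPLE.ORG" };
    const char *label[] = { "reject", "user", "server" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-42s %s\n", samples[i], label[classify_principal(samples[i], "EXAMPLE.ORG")]);
    return 0;
}
```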