
Re: Kerberos on .debian.org?



On 9 Mar 2001, Sam Hartman wrote:

>     Jason> Or not. We are not doing the central KDC thing for obvious
>     Jason> reasons.
> 
> I'm utterly failing to see what these obvious reasons are.  I suspect
> there is a misunderstanding of the security guarantees that debian.org
> currently has or a misunderstanding of how Kerberos works.

Kerberos requires a secure central KDC machine w/ the possibility for
secure replicas. If connectivity between a host and the KDC is broken then
the host is effectively dead in the water which is totally unacceptable
for us. Further, the fact that a KDC must be very secure to protect the
keys does not make it a good solution when we don't have physical control
over our boxes. 
 
> If/when a group of people propose something as well as state
> significant advantages to that proposal, you should do more than
> randomly snipe to present a credible argument against.

Read the list archives? This comes up every couple years..

Jason


