[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OLPC and Tjener

Hash: SHA1

On Fri, Mar 07, 2008 at 11:01:10AM +0100, Kurt Gramlich wrote:
>* Jonas Smedegaard <dr@jones.dk> [080307 01:54]:
>> I have chosen to backport 2.0 despite the ejabberd Debian maintainer 
>> favoring the older 1.4.x version, due to its PAM support (I want all 
>> services at my networks to authenticate and authorize through PAM, to 
>> simplify both maintainance and user experience).
>Good point!

Well - it might actually be good to also mention the backside of such 

Single login+password for all services obviously means that if access to 
one service leaks then access to all services has leaked.

Many chat clients are _very_ relaxed in storing passwords. Like storing 
cleartext in a world readable config file.

So unification of auth(z) should be coupled with encrypting all 
communication channels[1] and educating users about either picking only 
sane tools or frequently change password.

This is possibly getting off-topic for debian-edu, but hey - OLPC in 
general is off-topic too IMHO ;-)

  - Jonas

[1] I so far found no way to enforce TLS (it does fallback to cleartext) 
so also re-enabled the deprecated SSL channel in my ejabberd build (the 
Debian maintainer has disabled it in recent releases) and offered only 
that channel to my users.

- -- 
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

  - Enden er nær: http://www.shibumi.org/eoti.htm
Version: GnuPG v1.4.6 (GNU/Linux)


Reply to: