Re: OLPC and Tjener
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, Mar 07, 2008 at 11:01:10AM +0100, Kurt Gramlich wrote:
>* Jonas Smedegaard <firstname.lastname@example.org> [080307 01:54]:
>> I have chosen to backport 2.0 despite the ejabberd Debian maintainer
>> favoring the older 1.4.x version, due to its PAM support (I want all
>> services at my networks to authenticate and authorize through PAM, to
>> simplify both maintainance and user experience).
Well - it might actually be good to also mention the backside of such
Single login+password for all services obviously means that if access to
one service leaks then access to all services has leaked.
Many chat clients are _very_ relaxed in storing passwords. Like storing
cleartext in a world readable config file.
So unification of auth(z) should be coupled with encrypting all
communication channels and educating users about either picking only
sane tools or frequently change password.
This is possibly getting off-topic for debian-edu, but hey - OLPC in
general is off-topic too IMHO ;-)
 I so far found no way to enforce TLS (it does fallback to cleartext)
so also re-enabled the deprecated SSL channel in my ejabberd build (the
Debian maintainer has disabled it in recent releases) and offered only
that channel to my users.
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er nær: http://www.shibumi.org/eoti.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----