Re: OLPC and Tjener
On Fri, Mar 07, 2008 at 11:01:10AM +0100, Kurt Gramlich wrote:
>* Jonas Smedegaard <dr@jones.dk> [080307 01:54]:
>> I have chosen to backport 2.0 despite the ejabberd Debian maintainer
>> favoring the older 1.4.x version, due to its PAM support (I want all
>> services at my networks to authenticate and authorize through PAM, to
>> simplify both maintenance and user experience).
>
>Good point!

Well - it might actually be good to also mention the backside of such an
approach:

Single login+password for all services obviously means that if access to
one service leaks then access to all services has leaked.

Many chat clients are _very_ relaxed in storing passwords. Like storing
cleartext in a world-readable config file.

So unification of auth(z) should be coupled with encrypting all
communication channels[1] and educating users about either picking only
sane tools or frequently changing passwords.

This is possibly getting off-topic for debian-edu, but hey - OLPC in
general is off-topic too IMHO ;-)

- Jonas

[1] I so far found no way to enforce TLS (it does fall back to cleartext)
so also re-enabled the deprecated SSL channel in my ejabberd build (the
Debian maintainer has disabled it in recent releases) and offered only
that channel to my users.

--
* Jonas Smedegaard - idealist and Internet architect
* Tel.: +45 40843136 Website: http://dr.jones.dk/
- The end is near: http://www.shibumi.org/eoti.htm
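
An added example, not part of the original message: a Python audit for the failure mode the post describes, password-bearing client config files that other local users can read. The regex patterns, the sample client names and the sample password are assumptions constructed for illustration; the check starts at the directory it is given and does not inspect the directories above it.

```python
import os
import re
import stat
import tempfile

# Assumed patterns: the post names no client or file format, so this matches
# generic "password = ..." settings and <password>...</password> elements.
SECRET_RE = re.compile(r"(?i)<password>[^<]+</password>|\bpass(?:word|wd)\b\s*[=:]\s*\S+")

def world_readable_secrets(root):
    """Sorted paths under root holding a password-like setting that any local
    user can read: o+r on the file and o+x on every directory from root down."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not os.lstat(dirpath).st_mode & stat.S_IXOTH:
            dirnames[:] = []  # others cannot traverse, so nothing below is exposed
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH):
                    continue
                with open(path, errors="replace") as fh:
                    if SECRET_RE.search(fh.read(1 << 20)):  # scan first MiB only
                        hits.append(path)
            except OSError:
                continue  # file vanished or is unreadable to the auditing user
    return sorted(hits)

def build_sample_home():
    """Constructed sample tree; client names and password are made up."""
    home = os.path.join(tempfile.mkdtemp(), "home")
    layout = [  # (directory, dir mode, file, file mode, content)
        (".chatclient", 0o755, "accounts.xml", 0o644, "<password>example-pw</password>"),
        (".lockeddir", 0o700, "accounts.xml", 0o644, "<password>example-pw</password>"),
        (".otherclient", 0o755, "client.conf", 0o600, "password = example-pw"),
        (".otherclient", 0o755, "theme.conf", 0o644, "colour = blue"),
    ]
    for d, dmode, f, fmode, content in layout:
        os.makedirs(os.path.join(home, d), exist_ok=True)
        with open(os.path.join(home, d, f), "w") as fh:
            fh.write(content)
        os.chmod(os.path.join(home, d, f), fmode)
        os.chmod(os.path.join(home, d), dmode)
    os.chmod(home, 0o755)
    return home

if __name__ == "__main__":
    print(world_readable_secrets(build_sample_home()))
```

Only `.chatclient/accounts.xml` is reported: the copy under `.lockeddir` has the same file mode but sits behind a 0700 directory, and `client.conf` is owner-only.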