Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
> - install sendfile/saft on all machines so you can do
> sendfile foo.tar.gz weasel@merkel
> The crypto stuff could be alleviated by using ipsec between all our
> servers. But that works even less well than you'd expect.
The machines needs to check DNSSEC or the names can be spoofed which
makes ipsec mood.
> - setup afs
> pros: + AFS is cool
Yeah. You can make read-only snapshots for backup purposes.
> + once we have a krb realm we could maybe also use it for other
> stuff like all those web services that require logins. How
> good is krb support in browsers these days?
Firefox supports it in a whitelist approach. However I never tested it.
> cons: - integrating krb and afs into ud-ldap is a lot of work
> - setting up afs will be a lot of work too
> - little prior experience with afs
> - AFS suffers from the not-a-filesystem syndrome: file access
> control is not unix-like and will confuse users.
Also other parts are not really POSIX-like. Hardlinks or so.
> - might cause problems with existing firewalls.
- The needed kernel module still uses rootkit-like behaviour.
> What other options did we forget?
- Setup Kerberos, allow it as an additional ssh login variant
+ Ticket forwarding
However, only the insecure options allow automatic operation, so lets
extend some options (yes, I think about the D-I images which are
located in people):
- Allow additional principals for automatic usage
This can be combined with AFS and SSH-Kerberos
Each user can create additional principals $USER/cron/$ID@$REALM, the
keys are put into a keyfile so that a script can create a ticket and
use that to do the operations.
AFS: Just needs proper ACLs for this principal.
SSH: Needs mapping in /etc/krb/krb5.conf or .k5login and there was
Extreme feminine beauty is always disturbing.
-- Spock, "The Cloud Minders", stardate 5818.4