Date: Thu, 25 Mar 1999 18:08:42 -0800 From: Mike Thompson <miket@dnai.com> To: David Gilbert <dgilbert@velocet.ca> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Kerberos vs SSH Message-ID: <4.1.19990325180802.00a23d90@mail.dnai.com> In-Reply-To: <14074.43908.398273.970148@trooper.velocet.ca> References: <4.1.19990325120933.00ad08d0@mail.dnai.com> <Pine.GSO.4.10.9903251409300.17330-100000@primrose.isrc.qut.edu.au> <4.1.19990325021717.0097e980@mail.dnai.com> <4.1.19990325120933.00ad08d0@mail.dnai.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Point well taken. I'll attempt to modify the design to prevent access to one server automatically implying access to all servers. Mike At 04:32 PM 3/25/99 -0500, David Gilbert wrote: >The big hole in your design is that access to one machine implies >access to all machines. Once someone gains access (though whatever >means) to one machine, they can roam around freely amongst many >machines. > >To prevent this, you would want to pass authenticated (not >necessarily encrypted) commands back and forth between the servers >such that any one server could only invoke a certain narrow number of >commands on another. You could do this with ssl web servers, for >instance. > >I suppose, from a security standpoint, I'm saying that you're breaking >the "least privildge" principle. Obviously, one server >doesn't/shouldn't need to be a complete bonna-fide user on another >server. > >Dave. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19990325180802.00a23d90>