From: Andrew Kenneth Milton <akm@theinternet.com.au>
To: Brett Glass
Cc: security@freebsd.org
Date: Thu, 11 Dec 2003 18:33:37 +1100
Subject: Re: s/key authentication for Apache on FreeBSD?
Message-ID: <20031211073336.GO57995@zeus.theinternet.com.au>
In-Reply-To: <6.0.0.22.2.20031210193940.04f82c20@localhost>

+-------[ Brett Glass ]----------------------
| An excellent reason to use SSL together with S/key.
I'm not sure about the physical setup you have, but, here goes.

Why don't you issue certificates to each user that have a fixed life span, say a week (or a day, or a few hours), and avoid the password thing altogether? If you can generate pieces of paper to hand out, you can generate a certificate per user that gets assigned/refreshed before they leave.

You could even just revoke the certificate if/when lost, if the assignment of a new certificate is overly burdensome. Once the certificate is revoked, even having physical possession of the Palm Pilot won't give you access.

There are no passwords to write down, and there are no user interactions to sniff/log.

You should be able to use a certificate at a cafe via floppy/CD/USB key (I guess, I've never been to one). If this is the normal usage pattern, I'd be making the lifespan of the certs very small.

-- 
Totally Holistic Enterprises Internet | Andrew Milton
The Internet (Aust) Pty Ltd           | M: +61 416 022 411
ACN: 082 081 472  ABN: 83 082 081 472 | akm@theinternet.com.au
Carpe Daemon
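The scheme proposed above (a per-user client certificate that lives for a day and is refused once it expires or is revoked), as an added example that is not part of the original thread: a self-contained Go program using only the standard library. NewCA, ClientCert and Accept are names chosen here; Accept stands in for the check a TLS server with client-certificate verification would perform, and the revoked map stands in for the CRL that server would load.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// sign gives tmpl a fresh Ed25519 key and has parent certify it; a nil parent makes it self-signed.
func sign(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewCA creates the site's own self-signed CA, valid for ten years from now (constructed example CA).
func NewCA(now time.Time) (*x509.Certificate, ed25519.PrivateKey, error) {
	return sign(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Site CA"},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}

// ClientCert has ca sign a client-auth certificate for user that expires lifetime after now; the user's new key comes with it.
func ClientCert(ca *x509.Certificate, caKey ed25519.PrivateKey, serial int64, user string, now time.Time, lifetime time.Duration) (*x509.Certificate, ed25519.PrivateKey, error) {
	return sign(&x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: user},
		NotBefore: now, NotAfter: now.Add(lifetime), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, ca, caKey)
}

// Accept is the server's decision at time at: c must chain to ca, be inside its validity window,
// be marked for client auth, and its serial must not be in revoked (the site's list of lost certs).
func Accept(ca, c *x509.Certificate, revoked map[string]bool, at time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil && !revoked[c.SerialNumber.String()]
}
```

Because the validity window is checked against the server's clock, a certificate handed out for a day stops working on its own; revocation only has to cover the gap between loss and expiry.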