From owner-freebsd-security@FreeBSD.ORG Wed Sep 4 08:56:11 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 35576928; Wed, 4 Sep 2013 08:56:11 +0000 (UTC) (envelope-from marck@rinet.ru) Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id AC8342FC3; Wed, 4 Sep 2013 08:56:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by woozle.rinet.ru (8.14.5/8.14.5) with ESMTP id r848u1wv002048; Wed, 4 Sep 2013 12:56:01 +0400 (MSK) (envelope-from marck@rinet.ru) Date: Wed, 4 Sep 2013 12:56:01 +0400 (MSK) From: Dmitry Morozovsky To: =?ISO-8859-15?Q?Dag-Erling_Sm=F8rgrav?= Subject: Re: OpenSSH, PAM and kerberos In-Reply-To: <867gext445.fsf@nine.des.no> Message-ID: References: <86sixrwdcv.fsf@nine.des.no> <20130830131455.GW3796@zxy.spb.ru> <8661uj9lc6.fsf@nine.des.no> <20130902181754.GD3796@zxy.spb.ru> <867geywdfc.fsf@nine.des.no> <20130903083301.GF3796@zxy.spb.ru> <86y57euu8y.fsf@nine.des.no> <20130903093756.GG3796@zxy.spb.ru> <86ppsqutw7.fsf@nine.des.no> <998724759.20130903142637@serebryakov.spb.ru> <20130903103922.GI3796@zxy.spb.ru> <6110257289.20130903145034@serebryakov.spb.ru> <86d2oquopo.fsf@nine.des.no> <226539732.20130903154908@serebryakov.spb.ru> <8661uiujin.fsf@nine.des.no> <1734535072.20130903174359@serebryakov.spb.ru> <86vc2it2ip.fsf@nine.des.no> <1601348478.20130903182152@serebryakov.spb.ru> <86fvtludku.fsf@nine.des.no> <1289783626.20130904002038@serebryakov.spb.ru> <867gext445.fsf@nine.des.no> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-NCC-RegID: ru.rinet X-OpenPGP-Key-ID: 6B691B03 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (woozle.rinet.ru [0.0.0.0]); Wed, 04 Sep 2013 12:56:01 +0400 (MSK) Cc: freebsd-security@freebsd.org, lev@freebsd.org, Slawa Olhovchenkov X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Sep 2013 08:56:11 -0000 Dag-Egling, On Wed, 4 Sep 2013, Dag-Erling Sm?rgrav wrote: > I'm not going to answer the rest - it is so full of misconceptions, > fallacies and incorrect assumptions that I simply don't have the > energy. Maybe it would help if we would have some kind of diagram showing different parts/phases of security- and credentials-related decision making processes? Or, is it somewhere in our resources already? I suppose this would decrease misunderstanding. (and, yes, Dag-Erling, *you* are one of the most security-related people with deepest knowledge, not we, so we kindly ask you dumb questions :) Thank you! -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------