Hi all,

I've been playing around with encrypting the connections between console and
conserver and (famous last words) I don't think it would be too difficult to
include TLS/SSL and possibly Kerberos encryption into the source (I'm less
sure about OpenSSH since there doesn't seem to be that much documentation
other than the source).

Assuming that there's interest in this, what sort of requirements are people
likely to have:

Do we just want to have encrypted channels or to handle things like Kerberos
authentication?

Which protocols would we want (I suspect SSL will be the easiest way to get
some kind of encrypted channel, but we (dcs) would want Kerberos and possibly
ssh)?

Is it a compilation/configuration choice or should conserver support multiple
different systems?

If the answer to the above is yes then what kind of configuration options are
we looking at (only allow Kerberos authenticated connections to host foobar?)

NB. I'm not proposing to write code to do all of the above but I'm willing to
make a start. Also, I don't claim to be any kind of expert on writing security
code and fully expect to drop some real clangers on the way :)

Anyone got any advice, comments, want to join in?

--
Iain Rae Tel:01316505202
Computing Officer JCMB:2148
Division of Informatics
The University of Edinburgh