Re: [Muscle] PAM globally fixed cert and key number

From: Karsten Ohme (widerstandt-online.de)
Date: Fri May 27 2005 - 07:10:37 CDT


Bruce Barnett wrote:
>> The goal is to disburden the user and to have self administrating
>> systems. (E.g. I hate to disperse my public keys in SSH for public
>> key authentication. My login in the network is everywhere the same,
>> but I have a separate home directory.)
>
>
> When I authenticate myself with a local system, and then log onto a
> remote system, the remote system has to know the public key as well.
>
> I can use ssh now, and this works, but the remote machine must know
> the public key. How would you address this?

This was only an example, that SSH has a higher administration
investment. The comparison For SSH this does not work in another way.
SSH would have to support something like the ROOTCERT mode of the PAM
module to get rid of it. I only wanted to emphasize that configuration
should not be used if they are not necessary, like in the case of the
PAM module for the cert number and key number.

Bye, Karsten
>
>
>> And if a configuration file is really needed it should be stored on
>> the smart card. Smart cards have to be portable, the ideal is that
>> on each machine where I have never logged on before everything
>> works fine.
>
>
> I'm not sure I understand. How will the new system get your public
> key?

_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle