[Klug-general] password / security question / coding

Jeremy Hooks jeremyhooks at googlemail.com
Mon Oct 20 11:58:28 UTC 2008


2008/10/18 Mike Evans <mike at tandem.f9.co.uk>:
> If possible I would also suggest that connectivity and authentication
> between a server manager and managed servers should be done using tried
> and tested security mechanisms, such as ssh validated by certificates in
> both directions.

Correct me if I am wrong, but doesn't this still leave the problem of storing
the password/passphrase (an SSH certificate which isn't passphrase protected is
probably no better than a plain text password stored on disk)?  However, having
said that, SSH does have the advantage that you might be able to use a tool like
ssh-agent to save you re-typing the passphrase.

SSH is useful for shell/SCP logins and limiting the commands an ssh client can
execute, but I don't see how it resolves Oly's problem of authenticating his web
application against various services (I think he mentioned OpenLDAP in IRC).

Oly probably needs some authentication system that can plug into his various
servers, perhaps Kerberos is the solution, but I don't know enough about it to
recommend it.


