[Klug-general] password / security question / coding

Mike Evans mike at tandem.f9.co.uk
Mon Oct 20 15:14:56 UTC 2008



Jeremy Hooks wrote:
> 2008/10/18 Mike Evans <mike at tandem.f9.co.uk>:
>> If possible I would also suggest that connectivity and authentication
>> between a server manager and managed servers should be done using tried
>> and tested security mechanisms, such as ssh validated by certificates in
>> both directions.
> 
> Correct me if I am wrong, but doesn't this still leave the problem of
> storing the password/passphrase (an SSH certificate which isn't
> passphrase protected is probably no better than a plain text password
> stored on disk).  However, having said that SSH does have the advantage
> that you might be able to use a tool like ssh-agent to save you
> re-typing the passphrase.
> 
This point was an 'also': the reasoning being that communication with 
services should be done over a secure connection (given that TCP Packet 
sniffing is trivial once you have one machine on the network under your 
control) and that it shouldn't need to be re-invented as there are 
existing mechanisms (ssh, https etc).  Of course certificates should be 
protected and I probably should have said that too.

Oly didn't provide much by way of a use case to go on but I assumed that 
a user would have to authenticate to the server manager in order to 
command it to take some action.  I would therefore expect that that 
authentication process would provide whatever was required to access the 
protected data, such as a password or phrase.  Authentication would be 
done once and all the stored secrets would then be available to the 
server manager processes to use on behalf of that authenticated user. 
My first recommendation is that the stored secrets not be decrypted en 
masse and stored in memory - particularly something like a large static 
array which would have a predictable location.

From my understanding this would be similar to ssh-agent, or 
gnome-keyring and the like.  Perhaps the code bases for those tools 
would be a good place to start.

I do think Kerberos would be a good option.  Like Jeremy I've not used 
it in anger so I'm only aware of it in general terms.  I think that 
probably goes for most people, and as a result we all have the same fear 
of the unknown about it.  That's probably the main reason it is so 
little used :-)

Mike
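
The recommendation in the message above (keep stored secrets sealed and open only the one being used, rather than decrypting them all into memory) sketched as an added example that is not part of the original message. `SecretStore`, its method names and the HMAC-based stand-in cipher are assumptions made for illustration; the sample values are constructed.

```python
import hashlib, hmac, os
from contextlib import contextmanager

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytearray:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the sketch needs only
    # the standard library; a real tool would use a vetted AEAD instead.
    out = bytearray(data)
    for off in range(0, len(out), 32):
        block = _sub(key, nonce + (off // 32).to_bytes(4, "big"))
        for i in range(off, min(off + 32, len(out))):
            out[i] ^= block[i - off]
    return out

class SecretStore:
    """Keeps every secret sealed; opens one entry at a time, on request."""

    def __init__(self, passphrase: bytes, salt: bytes):
        # Assumption: the passphrase is what the user gave when authenticating.
        master = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 200_000)
        self._enc, self._mac = _sub(master, b"enc"), _sub(master, b"mac")
        self._sealed = {}  # name -> (nonce, ciphertext, tag); no plaintext

    def put(self, name: str, secret: bytes) -> None:
        nonce = os.urandom(16)
        ct = bytes(_xor_stream(self._enc, nonce, secret))
        self._sealed[name] = (nonce, ct, _sub(self._mac, nonce + ct))

    @contextmanager
    def use(self, name: str):
        nonce, ct, tag = self._sealed[name]
        if not hmac.compare_digest(tag, _sub(self._mac, nonce + ct)):
            raise ValueError("entry was modified or the key is wrong")
        plain = _xor_stream(self._enc, nonce, ct)  # only this entry is opened
        try:
            yield plain
        finally:
            # Best-effort wipe: CPython may have made copies we cannot reach.
            plain[:] = bytes(len(plain))

if __name__ == "__main__":
    store = SecretStore(b"constructed passphrase", b"constructed-salt")
    store.put("web01", b"constructed-password-1")
    with store.use("web01") as pw:
        print(len(pw), "bytes available inside the block only")
```

The derived keys still live in the process for the whole session, so this narrows what a memory disclosure reveals to the keys plus whichever entry is in use at that moment.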



