[EMAIL PROTECTED] wrote:
> My requirements from the alfs authentication protocol, please comment.
>
> 1. At all times, the client must be sure that they are talking to a specific
> server and not another random machine which just looks like this server and
> seems to have the same IP/hostname. (Identification).

Agreed.

> 2. At all times, the server must be sure both that it is talking to its *one
> and only* client *and* that behind this client is its *one and only*
> administrator (authorization). In particular, given that whoever manages to
> impersonate the client/admin combination gets in effect unlimited privileges
> on *all* the servers, this must be *much* harder to accomplish than
> impersonating the server.

Agreed - tentatively. I would like to point out that this shouldn't be
done exclusively by identifying a particular machine (though possibly we
could set it up that way in a conf file - you could disallow access from
a range of IPs or perhaps only accept from a specific IP or a specific
hardware address). For example, perhaps you start the build from a
client running on one machine. You have to leave for a bit, but later
want to connect via another machine and see the progress. This should be
a possibility.

> 3. For this protocol to be convenient enough for its typical use case (one
> client multiple servers), there must be a *single* authentication token
> authenticating the client to all servers. I.e., the admin should not be forced
> to supply a different password for each server. More generally, the amount of
> authentication resources (passwords, keys, certificates, whatever) per
> machine must be kept to a bare minimum.

Sounds reasonable.

> 4. The protocol must be largely based on existing solutions as much as
> possible, in order to be implementable. We don't want to reinvent TLS, as I
> don't think we would improve it. On the other hand, we want to keep the
> number of external dependencies as small as possible (most probably, at most
> one).

Agreed.

> 5. Some users, in some cases, may use this protocol over slow lines (e.g., it
> happens several times that I would have to do administration work on the lab
> machines (alfs servers) from my laptop at home, through a lousy 56k (god help
> if it's even 56k!) dialup). So, reducing latency and keeping round trips to a
> minimum is a *good thing*, though I realise that this requirement has the
> lowest priority.

Yep. :)

--
JH