I was looking over some wiki pages and came across
http://salaam.homeunix.com/bin/view/Gnumed/DebianKerberosLDAPBindGnumedWalkthrough
Am I correct that a browser based client (like Oscar) --- if required
to use https --- avoids interception (in the clear) of the user's id
and password at any point along the network?
Am I correct to think that when one accesses a GNUmed server that was
set up following the basic installation procedures, there is no
protection against such interception, unless extra measures (like
kerberization of the server as per Syan's notes) are taken?
If skipping this step or equivalent could be considered poor practice
(poor protection of access to patient data) then must we make some
reference to this in the installation notes?
Related questions:
- are there any extra dependencies for client machines to access
kerberized GNUmed, or do the basic installations of Linux distros and
Windows include support for Kerberos, so the user would need to set up
nothing extra on the client machine(s)?
- when adding a new office worker or doctor into kerberized GNUmed
would each new person somehow have to be separately registered with
kerberos? Would this require user maintenance of a public and private
key separate from their GNUmed userid & password?
- though some recommend the Kerberos server run no other processes,
would people feel it is reasonable to run postgres and to serve
GNUmed on the same server? Are there additional processes that people
feel should run on the same server or on a different machine, for
example the fetching of results and the handling of email...
different machine??? Would running different virtual machines on the
same physical machine be a good way to achieve what is desirable,
supposing data could be "pushed" across the machines as required?
_______________________________________________
Gnumed-devel mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnumed-devel
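As an added example, not part of this thread or of the GNUmed project: a small Python check of a PostgreSQL pg_hba.conf (GNUmed's database runs on PostgreSQL) that flags rules under which a user's password can be read off the network, which is the exposure the questions above ask about. The sample file, its addresses and the ldap.example host name are constructed.

```python
# Constructed sample resembling a default-style install; not GNUmed's real file.
SAMPLE_PG_HBA = """
# TYPE     DATABASE  USER  ADDRESS         METHOD
local      all       all                   md5
host       all       all   127.0.0.1/32    md5
host       gnumed    all   192.168.0.0/16  password
host       gnumed    all   10.0.0.0/8      ldap ldapserver=ldap.example
hostnossl  all       all   0.0.0.0/0       trust
hostssl    gnumed    all   0.0.0.0/0       scram-sha-256
hostssl    gnumed    all   0.0.0.0/0       gss
"""

# With these methods the server asks the client for the password itself and
# forwards it onward, so without TLS it is readable to anyone on the path.
CLEARTEXT_METHODS = {"password", "ldap", "pam", "radius"}

def parse_pg_hba(text):
    """Return one dict per active rule; 'local' rules carry no ADDRESS field."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local":
            db, user, addr, method = f[1], f[2], None, f[3]
        else:
            db, user, addr, method = f[1], f[2], f[3], f[4]
        rules.append({"line": lineno, "type": f[0], "db": db, "user": user,
                      "address": addr, "method": method})
    return rules

def assess(rule):
    """Risk verdict for one rule, or None if credentials never travel in the clear."""
    t, m = rule["type"], rule["method"]
    if t == "local":
        return None  # Unix-domain socket traffic never leaves the host
    if m == "trust":
        return "CRITICAL: remote clients are not authenticated at all"
    if t in ("host", "hostnossl") and m in CLEARTEXT_METHODS:
        return "HIGH: password crosses the network in cleartext (TLS not required)"
    if t in ("host", "hostnossl") and m in ("md5", "scram-sha-256"):
        return "MEDIUM: password is challenge-protected but the session itself is not"
    return None  # hostssl, gss, cert and similar

def audit(text):
    """List (line, type, method, verdict) for every rule that needs attention."""
    return [(r["line"], r["type"], r["method"], assess(r))
            for r in parse_pg_hba(text) if assess(r)]
```

Run `audit(open("/etc/postgresql/.../pg_hba.conf").read())` against a real file; a clean result means every remote rule is either TLS-only or uses a method that never sends the password itself.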