I'm not suggesting any change. Merely correcting a misstatement I made earlier.

I believe the documentation already recommends best practice.

On Oct 10, 2007, at 10:53 AM, Magnus Hagander wrote:

> Tom Lane wrote:
>> "Henry B. Hotz" <[EMAIL PROTECTED]> writes:
>>> You know, I don't know what I was thinking when I sent this.  My
>>> apologies for the late correction.
>>>
>>> Anyone who has a copy of the "host" keys for a machine can
>>> manufacture kerberos tickets for the "host" service on that machine
>>> masquerading as absolutely anyone (including people who don't
>>> exist). Same for the "postgres" keys, and if the postgres server can
>>> steal the host keys (or vice versa) then it's even worse.
>>
>> Maybe I'm too dense, but I don't see a conclusion here. Do we need to
>> change our code, our docs, both, or neither?
>
> I don't think we do. If you use service keys per our documentation, you
> should be fine. And if someone owns your host keys, you lost already.


The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
