Re: Ostiary

2005-08-03 Thread Alexander Klimov
On Tue, 2 Aug 2005, Udhay Shankar N wrote: Sounds interesting. Has anybody used this, and are there any comments? For similar purpose I used to use .qmail based system: the script started from .qmail when a message to some special address arrives, the script checks the digital signature on the

Ostiary

2005-08-02 Thread Udhay Shankar N
, to minimize the risk. And for other purposes, ssh et. al. are overkill. Perhaps you only really need to remotely initiate a limited set of operations. In this case, you don't need a shell prompt, just a way to securely kick off scripts from elsewhere. Enter 'Ostiary'. It is designed to allow

Re: Ostiary

2005-08-02 Thread Ian Grigg
a shell prompt, just a way to securely kick off scripts from elsewhere. Enter 'Ostiary'. It is designed to allow you to run a fixed set of commands remotely, without giving everyone else access to the same commands. It is designed to do exactly and only what is necessary

Re: Ostiary

2005-08-02 Thread Karl Chen
As an authentication protocol, it looks vulnerable to a time synchronization attack: an attacker that can desynchronize the server and client's clocks predictably can block the client's authentication and use it as his own. (Assuming the server's clock is monotonically increasing, the command can

Re: Ostiary

2005-08-02 Thread Nicolas Rachinsky
* Karl Chen [EMAIL PROTECTED] [2005-08-02 09:24 -0700]: As an authentication protocol, it looks vulnerable to a time synchronization attack: an attacker that can desynchronize the server and client's clocks predictably can block the client's authentication and use it as his own. (Assuming the