On Tue, 2 Aug 2005, Udhay Shankar N wrote:
Sounds interesting. Has anybody used this, and are there any comments?
For similar purpose I used to use .qmail based system: the script
started from .qmail when a message to some special address arrives,
the script checks the digital signature on the
, to
minimize the risk. And for other purposes, ssh et. al. are overkill.
Perhaps you only really need to remotely initiate a limited set of
operations. In this case, you don't need a shell prompt, just a way to
securely kick off scripts from elsewhere.
Enter 'Ostiary'. It is designed to allow
a shell prompt, just a way to
securely kick off scripts from elsewhere.
Enter 'Ostiary'. It is designed to allow you to run a fixed set of commands
remotely, without giving everyone else access to the same commands. It is
designed to do exactly and only what is necessary
As an authentication protocol, it looks vulnerable to a time
synchronization attack: an attacker that can desynchronize the server
and client's clocks predictably can block the client's authentication
and use it as his own. (Assuming the server's clock is monotonically
increasing, the command can
* Karl Chen [EMAIL PROTECTED] [2005-08-02 09:24 -0700]:
As an authentication protocol, it looks vulnerable to a time
synchronization attack: an attacker that can desynchronize the server
and client's clocks predictably can block the client's authentication
and use it as his own. (Assuming the
