Citeren Stuart D. Gathman stu...@bmsi.com:
One advantage to client certs is that it avoids weak passwords - but
the client could protect their private key with a weak password.
In case of upsmon, this is a huge waste of effort. The upsmon client
has very little (master) or none at all
On Wed, 12 Jan 2011, emilien...@eaton.com wrote:
If you think that login/password is enought to authenticate clients, I can
remove SSL client authentication parts. It is not a problem.
If an attacker tries to get the password via man-in-the-middle, then
the client connect will fail because the
Objet : Re: [Nut-upsdev] Client certificates
Citeren emilien...@eaton.com:
I have added client certificate checking mainly to avoid
man-in-the-middle attacks or identity usurpation.
A man-in-the-middle attack is impossible if you verify the
server certificate (CERTVERIFY 1). If someone
-Message d'origine-
De :
nut-upsdev-bounces+emilienkia=eaton@lists.alioth.debian.or
g
[mailto:nut-upsdev-bounces+emilienkia=eaton@lists.alioth.d
ebian.org] De la part de Arjen de Korte
Envoyé : mardi 11 janvier 2011 22:15
À : nut-upsdev
Objet : [Nut-upsdev] Client