On Tue, 2012-11-13 at 18:43 -0500, Dmitri Pal wrote: > > This is not always necessarily a problem. In some situations the 2 > > domains may exist for reasons that do not have much to do with level > of > > trusts, meaning the 2 domains are within the same trust boundaries, > > however if the 2 domains are separate in order to create trust > > boundaries, then joining a machine to both is technically an issue. > > Dah! :-) > > Common wisdom 101: > > "Do not play with fire!" > "Do not talk to strangers!" > "Fasten seat belts!" > "Do not put a client into two domains that have different trust > levels!" > ... > I wish it was common sense, but experience tells me these kind of security considerations need to be spelled out because a lot of people do not think about them.
Luckily we still have naive people out there that do not have their brain wired to think about how someone may exploit whatever you have rigged up, paranoia is the next step :-) Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel