On Sat, Aug 30, 2008 at 05:46:16PM +0200, Peter Palfrader wrote:
> On Sat, 30 Aug 2008, Bastian Blank wrote:
> > On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:
> > > The crypto stuff could be alleviated by using ipsec between all our
> > > servers. But that works even less well than you'd expect.
> > The machines needs to check DNSSEC or the names can be spoofed which
> > makes ipsec mood.
> Or you use only resolvers that you have a trusted (i.e. ipsec)
> connection to and those need to have a complete axfr'ed zone.
Then we can drop the whole ud-ldap thing and use centralized
authentication.
> > > What other options did we forget?
> >
> > - Setup Kerberos, allow it as an additional ssh login variant
>
> Circumvents the entire idea behind this exercise: Assuming an attacker
> already has control over one host we want to make it as hard as possible
> for them to jump to other hosts.
Nope. It is the same that ssh with key auth. Anything an attacker can
get is a short-term secret in form of a forwarded ticket. The service
ticket themself is useless for anything else then the direct connection
between the user and the server.
Bastian
--
Too much of anything, even love, isn't necessarily a good thing.
-- Kirk, "The Trouble with Tribbles", stardate 4525.6
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
