On Tue, Oct 25, 2016 at 3:00 PM, Dennis Gilmore <den...@ausil.us> wrote: > On martes, 25 de octubre de 2016 2:42:15 PM CDT Ken Dreyer wrote: >> Hi Amanda, >> >> I'm curious about this change: "Kerberos support in koji, fedpkg, OSBS " >> >> Is koji.fedoraproject.org is going to eventually stop supporting TLS >> authentication, and we'll have a Fedora-project-wide Kerberos >> infrastructure instead? > > there will be kerberos auth for koji and lookaise cache, if it will be project > wide or not I am not sure that is decided yet.
Thanks Dennis. I'm curious about this because most organizations do not expose their KDCs directly to the internet. As I understand it, it's possible for a passive attacker to sniff the TGT exchange and brute-force a password, whereas this attack scenario is not possible with Koji's current HTTPS client cert authentication. - Ken _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
