Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Steve Langasek
On Sun, Aug 31, 2008 at 01:16:32AM +0200, Bastian Blank wrote: > On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote: > > (for some unfathomable reason, the firefox developers consider Negotiate > > authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno > > why that is,

Re: transfering files between *.debian.org hosts

2008-08-30 Thread Russ Allbery
Wouter Verhelst <[EMAIL PROTECTED]> writes: > (for some unfathomable reason, the firefox developers consider Negotiate > authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno > why that is, and never saw a compelling argument...) Well, having your browser spontaneously authentica

Re: transfering files between *.debian.org hosts

2008-08-30 Thread Russ Allbery
Bastian Blank <[EMAIL PROTECTED]> writes: > On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote: >> - AFS suffers from the not-a-filesystem syndrome: file access >> control is not unix-like and will confuse users. > > Also other parts are not really POSIX-like. Hardli

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Steve Langasek
On Sat, Aug 30, 2008 at 05:46:16PM +0200, Peter Palfrader wrote: > > > What other options did we forget? > > - Setup Kerberos, allow it as an additional ssh login variant > Circumvents the entire idea behind this exercise: Assuming an attacker > already has control over one host we want to make

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Bastian Blank
On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote: > (for some unfathomable reason, the firefox developers consider Negotiate > authentication to be unsafe with untrusted and/or non-SSL hosts. Dunno > why that is, and never saw a compelling argument...) Negotiate auth does not provid

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Steve Langasek
On Sat, Aug 30, 2008 at 06:48:57PM +0200, Wouter Verhelst wrote: > > + once we have a krb realm we could maybe also use it for other > > stuff like all those web services that require logins. How > > good is krb support in browsers these days? > Pretty good. Konqueror

Re: transfering files between *.debian.org hosts

2008-08-30 Thread Florian Weimer
* Peter Palfrader: > What other options did we forget? Modern NFS over IPsec to a central file server. However, less than stellar bandwidth at the Debian servers requires really, really modern NFS with persistent caching.

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Wouter Verhelst
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote: > - setup afs > > Using AFS would allow us to use a shared /afs/debian.org tree on all > our systems. AFS does all the magic crypto stuff so you don't have to > worry about Eve sniffing or Mallory tampering with packets. > >

Re: Please, stop this hurting vendetta, don't you think enough time has passed ?

2008-08-30 Thread Lucas Nussbaum
On 30/08/08 at 02:03 +0200, Sven Luther wrote: > - in a thread about some guy who chose to hide his name probably to > circumvent a similar ban than i am under, and accuse the debian governance > of all kind of evil acts, in maybe a clumsy way, Martin Shulze chose to use > my name in a contempting

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Peter Palfrader
On Sat, 30 Aug 2008, Bastian Blank wrote: > > Or you use only resolvers that you have a trusted (i.e. ipsec) > > connection to and those need to have a complete axfr'ed zone. > > Then we can drop the whole ud-ldap thing and use centralized > authentication. Um. I don't see why that follows. I

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Bastian Blank
On Sat, Aug 30, 2008 at 05:46:16PM +0200, Peter Palfrader wrote: > On Sat, 30 Aug 2008, Bastian Blank wrote: > > On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote: > > > The crypto stuff could be alleviated by using ipsec between all our > > > servers. But that works even less we

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Peter Palfrader
[Trimming lists] On Sat, 30 Aug 2008, Bastian Blank wrote: > On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote: > > - install sendfile/saft on all machines so you can do > > sendfile foo.tar.gz [EMAIL PROTECTED] > > > > The crypto stuff could be alleviated by using ipsec betw

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread brian m. carlson
On Sat, Aug 30, 2008 at 03:16:01PM +0200, Bastian Blank wrote: On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote: + once we have a krb realm we could maybe also use it for other stuff like all those web services that require logins. How good is krb supp

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Bastian Blank
On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote: > - install sendfile/saft on all machines so you can do > sendfile foo.tar.gz [EMAIL PROTECTED] > > The crypto stuff could be alleviated by using ipsec between all our > servers. But that works even less well than you'd expe

Re: Please, stop this hurting vendetta, don't you think enough time has passed ?

2008-08-30 Thread Hector Oron
Hello, Sven Luther was invited to the Extremadura event, and people in the group were asked and nobody was uncomfortable with him, so we (mostly I did) decided it was ok for him to come. After some time it looks like there are some people around that place by that time that it is not comfortable wi

transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

2008-08-30 Thread Peter Palfrader
[Let's move this to debian-project since there is no debian-admin-public-bikeshedding. I hope mutt doesn't eat my Mail-Followup-To header.] On Thu, 28 Aug 2008, Peter Palfrader wrote: > > I generally avoid using password authentication to Debian hosts, *except* in > > the particular case of scp'

Re: Please, stop this hurting vendetta, don't you think enough time has passed ?

2008-08-30 Thread MJ Ray
"Sven Luther" <[EMAIL PROTECTED]> wrote: > There are two recent events which made me decide to write this mail, and > circumvent the ban, which is something which i have not done in over a year. [...] > - [...someone] chose to use > my name in a contempting way, and nobody thought it worth to cri