[Toolserver-l] The Norwegian toolserver
Fahad Sadah
fahadsadah at googlemail.com
Sat Aug 1 15:46:33 UTC 2009
>
> - - critical vulnerabilities are frequently discovered in the MIT Kerberos
> software, while SSH has had very few serious security issues, and none
> recently.
I didn't know that, tbh. I've used krb5 somewhere else for a while now, and
no break-ins.
> - - Kerberos only works with password authentication, meaning anyone can log into
> any account if they know the password; for example, because someone
> accidentally typed their password into IRC, or wrote it down somewhere.
> strong password policy requires restrictions on password contents (length,
> character types, etc) that encourage users to write them down (especially
> when you have a lot of non-technical users, like us)
>
This is the main problem. However "a lot of non-technical users, like us" is
untrue.
> - - conversely, it is very difficult to accidentally paste a private key
> somewhere, and it's impossible to guess. even if it was leaked, the user
> would also have to leak the passphrase.
>
I doubt many people here use passphrases.
Kerberos was just an example, btw. I was just suggesting the idea of using a
centralized auth system.
Fahad Sadah