[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: conserver with encryption

Bryan Stansell bryan@conserver.com
Mon, 21 May 2001 08:15:50 -0700 (PDT)

On Mon, May 21, 2001 at 11:29:36AM +0100, Iain Rae wrote:
> Do we just want to have encrypted channels or to handle things like Kerberos 
> authentication?

Encryption would be extremely nice...whatever type (I'd like to not
have to install ssl certs, but others probably would, to verify it's
really their console server - just a thought).  Authentication, on the
other hand, is another beast and, while it too would be great
(kerberos, securid, s-key, ...), it's a whole different set of code
manipulation and I'd suggest thinking about them separately.

> Which protocols would we want (I suspect SSL will be the easiest way to get 
> some kind of encrypted channel, but we (dcs) would want Kerberos and possibly 
> ssh)?
> Is it a compilation/configuration choice or should conserver support multiple 
> different systems?

My first thought is it should be a compilation choice - you don't want
to have to have kerberos, ssh, and ssl libraries to just compile the
thing.  Would anyone want to run multiple protocols within a conserver
installation?  I'd think not (beyond the "that would be cool" factor),
but, opinions?  I know I'd just pick one and compile it in.