[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: conserver with encryption

Doug Hughes doug@gblx.net
Mon, 21 May 2001 08:19:26 -0700 (PDT)

On Mon, 21 May 2001, Bryan Stansell wrote:

> On Mon, May 21, 2001 at 11:29:36AM +0100, Iain Rae wrote:
> > Do we just want to have encrypted channels or to handle things like Kerberos 
> > authentication?
> Encryption would be extremely nice...whatever type (I'd like to not
> have to install ssl certs, but others probably would, to verify it's
> really their console server - just a thought).  Authentication, on the
> other hand, is another beast and, while it too would be great
> (kerberos, securid, s-key, ...), it's a whole different set of code
> manipulation and I'd suggest thinking about them separately.
> > Which protocols would we want (I suspect SSL will be the easiest way to get 
> > some kind of encrypted channel, but we (dcs) would want Kerberos and possibly 
> > ssh)?
> > 
> > Is it a compilation/configuration choice or should conserver support multiple 
> > different systems?
> My first thought is it should be a compilation choice - you don't want
> to have to have kerberos, ssh, and ssl libraries to just compile the
> thing.  Would anyone want to run multiple protocols within a conserver
> installation?  I'd think not (beyond the "that would be cool" factor),
> but, opinions?  I know I'd just pick one and compile it in.

I'd opt for:
--with-openssl=... --with-ssl-cert=... --with-libcrypto=... --with-kerbv5=...
(type of stuff - make them all independent modules)