[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

RE: conserver with encryption

Chris Fowler ChrisF@computone.com
Mon, 21 May 2001 08:24:15 -0700 (PDT)

Title: RE: conserver with encryption

You guys talk about encryption but has anyone actually tried to implement
it in this type of software.  It takes a trmendous amount of work and investment from someone to do this.  It's easy to say I want SSH II or I want SSH I.  It is a very different thing to be the one to code it.  sorry to be blunt but we've been in this circumstance.   OpenSSH is very big.


-----Original Message-----
From: Doug Hughes [mailto:doug@gblx.net]
Sent: Monday, May 21, 2001 11:19 AM
To: Bryan Stansell
Cc: users@conserver.com
Subject: Re: conserver with encryption

On Mon, 21 May 2001, Bryan Stansell wrote:

> On Mon, May 21, 2001 at 11:29:36AM +0100, Iain Rae wrote:
> > Do we just want to have encrypted channels or to handle things like Kerberos
> > authentication?
> Encryption would be extremely nice...whatever type (I'd like to not
> have to install ssl certs, but others probably would, to verify it's
> really their console server - just a thought).  Authentication, on the
> other hand, is another beast and, while it too would be great
> (kerberos, securid, s-key, ...), it's a whole different set of code
> manipulation and I'd suggest thinking about them separately.
> > Which protocols would we want (I suspect SSL will be the easiest way to get
> > some kind of encrypted channel, but we (dcs) would want Kerberos and possibly
> > ssh)?
> >
> > Is it a compilation/configuration choice or should conserver support multiple
> > different systems?
> My first thought is it should be a compilation choice - you don't want
> to have to have kerberos, ssh, and ssl libraries to just compile the
> thing.  Would anyone want to run multiple protocols within a conserver
> installation?  I'd think not (beyond the "that would be cool" factor),
> but, opinions?  I know I'd just pick one and compile it in.

I'd opt for:
--with-openssl=... --with-ssl-cert=... --with-libcrypto=... --with-kerbv5=...
(type of stuff - make them all independent modules)


users mailing list