Programming language

Hui Zhou zhouhui at wam.umd.edu
Tue Feb 1 18:05:17 PST 2005


On Tue, Feb 01, 2005 at 06:11:14PM -0700, Kevin P. Fleming wrote:
>Gerard Beekmans wrote:
>
>>it's a more basic structure rather than relying on a program like ssh(d)
>>to do the work for you. What if SSH isn't available? Say during an
>>upgrade. And for it to work nicely you would want to setup keys so you
>>don't have to enter a password. Then, without ssh there has to be some
>>kind of authentication still. I'm not sure about that part yet.
>
>I do not see any value in building any sort of authentication/security 
>system into the alfs tool at all (is that a strong enough opinion?).
>
>If you want safe transport across the network, either use SSH tunneling, 
>tell the user to use a VPN, or build TLS support into alfs using the 
>OpenSSL library.
>
>If you want strong authentication, either use SSH tunneling, SSL 
>certificates using the OpenSSL library, or full-blown SSL/TLS using SASL 
>(which can tie into every authentication database imaginable).

I agree. Trying to implement an authentication is stupid if not 
ignorant. However, some trust based security is trivia to implement, 
just don't rely on it. 

-- 
Hui Zhou



More information about the alfs-discuss mailing list