zhouhui at wam.umd.edu
Tue Feb 1 18:05:17 PST 2005
On Tue, Feb 01, 2005 at 06:11:14PM -0700, Kevin P. Fleming wrote:
>Gerard Beekmans wrote:
>>it's a more basic structure rather than relying on a program like ssh(d)
>>to do the work for you. What if SSH isn't available? Say during an
>>upgrade. And for it to work nicely you would want to setup keys so you
>>don't have to enter a password. Then, without ssh there has to be some
>>kind of authentication still. I'm not sure about that part yet.
>I do not see any value in building any sort of authentication/security
>system into the alfs tool at all (is that a strong enough opinion?).
>If you want safe transport across the network, either use SSH tunneling,
>tell the user to use a VPN, or build TLS support into alfs using the
>If you want strong authentication, either use SSH tunneling, SSL
>certificates using the OpenSSL library, or full-blown SSL/TLS using SASL
>(which can tie into every authentication database imaginable).
I agree. Trying to implement an authentication is stupid if not
ignorant. However, some trust based security is trivia to implement,
just don't rely on it.
More information about the alfs-discuss