alfs authentication protocol: assumptions
jhuntwork at linuxfromscratch.org
Mon Nov 28 07:03:30 PST 2005
pak_lfs at freemail.gr wrote:
> My assumptions about the environment the alfs authentication protocol should
> operate in. Please comment.
> 1. There is only one administrator for all the alfs server machines, you.
> (Nobody but you has, or will gain, root access to these machines).
> 2. All administration is done from a *trusted* machine. Only one machine at a
> time will run the client.
> 3. An alfs client will in general administer several server machines
> simultaneously in each session.
> 4. Either the IP or the DNS name (or both, of course) must be static, or
> change veeeeeery rarely.
Hmm. This one I'm not so sure about. I would want my alfsd servers to
accept only connections from me, but I'd want to initiate that session
from any client *I* happen to be using on the network, using dhcp or
not, having a fqdn or not.
> 5. Replaying the commands aside, the data communicated over the alfs session
> protocol is not that valuable. I.e., even if someone manages to record a
> whole session and eventually decrypt it, by this time you will have updated
> your LFS several times, so they won't even be able to infer your current
> system configuration by it.
Agreed. The data isn't valuable, the connection and ability to control
the server is.
More information about the alfs-discuss