From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <0abee76043156cc59a435a19fa3c6b08@proxima.alt.za>
To: 9fans@9fans.net
Date: Wed, 19 Nov 2014 05:50:29 +0200
From: lucio@proxima.alt.za
In-Reply-To: <6dcda8d871ab3643e001b3583cbf875e@lilly.quanstro.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] running plan9 : an ideal setup?
Topicbox-Message-UUID: 2bef9bda-ead9-11e9-9d60-3106f5b1d025

> i think reality
> booges things up, and it doesn't really work out.

More specifically, an auth server can provide very tight security, but
where such is not needed, it is too tempting to run services on it as
it is the most convenient place to do it from.  Once you have enough
power behind the auth server to run one service, you no longer have
the security benefits.  Discipline is demanded and the price is a bit
steep.

I know because for a long time I ran an auth server on what would be
considered a toy even back then, but once it failed, it was never
re-deployed.

Reading some of the scary stuff the NSA seems to be getting up to,
though, it is nice to know that your border equipment (not your
private auth server) is unlikely ever to be "owned" by NSA spooks.

Lucio.

PS: I do have a dedicated auth server, but electricity supply
constraints cause it to stay off most of the time, leading to bit rot.
The unreliabilty of the Internet link means it cannot act as auth
server for my public equipment, so that problem needs to be solved
first.  Running it off a photovoltaic/battery source is definitely the
next plan.


-------------------------------------------------------------------------------------
This email has been scanned by the MxScan Email Security System.
-------------------------------------------------------------------------------------