9fans - fans of the OS Plan 9 from Bell Labs
* Réf. : [9fans] Auth & cron
@ 2000-07-18 14:42 boyd.roberts
  2000-07-18 16:07 ` Fco. J. Ballesteros
  0 siblings, 1 reply; 2+ messages in thread
From: boyd.roberts @ 2000-07-18 14:42 UTC
  To: 9fans

but how do you auth the user?  there is no setuid.  you prove
who you are to the auth server by typing a password that is kept
locally and used to authenticate yourself.  maybe things have changed
a bit since the 1st release, but my guess is that the auth design is
more or less the same.

so you gotta enter some data to auth yourself.  this data must _never_
cross the wire.  so if you say server x is my preferred cron server,
just how is server x's cron going to get the auth data to allow the
cron to 'run as you'?  'running as you' is not a matter of uid's, it's
a matter of proving that you are you with the auth data you've been given.

wholesale shipping around private keys from auth to 'trusted' cpu
servers to allow impersonation is just an accident waiting to happen.
you bust the cpu server, you bust the auth server.  and all that
stuff is flying around on the wire.  no, no and no.

god, we may as well go back to rsh/rlogin -- yes, that hideous mess.



                                                                  
"Fco. J. Ballesteros" <nemo@gsyc.escet.urjc.es>
18/07/2000 16:34
                                                                  



Please reply to 9fans@cse.psu.edu

To: 9fans@cse.psu.edu
cc:    (bcc: Boyd ROBERTS/EST/DOSI/BANQUE_INDOSUEZ/FR)
Subject:    [9fans] Auth & cron



Regarding the discussion before about auth & cron,
what about using a cpu server with a cron process running per user w/
cron entries?

What's wrong w/ this approach?

Perhaps I'm missing something.

--
    ()    ascii ribbon campaign - against html mail
    /\                          - against microsoft attachments




* Réf. : [9fans] Auth & cron
  2000-07-18 14:42 Réf. : [9fans] Auth & cron boyd.roberts
@ 2000-07-18 16:07 ` Fco. J. Ballesteros
  0 siblings, 0 replies; 2+ messages in thread
From: Fco. J. Ballesteros @ 2000-07-18 16:07 UTC
  To: 9fans

>>>>> "boyd" == boyd roberts <boyd.roberts@ca-indosuez.com> writes:

    boyd> but how do you auth the user?  there is no setuid.  you

Just like you are doing it now to run processes on the cpu server. 
But you'll keep your `cron' process running forever. 

The only bad point I see is that a cpu server reboot will drop your
cron entries.

    boyd> so you gotta enter some data to auth yourself.  this data
    boyd> must _never_ cross the wire.  so if you say server x is my
    boyd> preferred cron server, just how is server x's cron going to
    boyd> get the auth data to allow the cron to 'run as you'?

How are you doing that to run your process on your cpu server?  IMHO it
can be done the same way. But, as I said, I may be missing something.


-- 
    ()    ascii ribbon campaign - against html mail 
    /\                          - against microsoft attachments


