[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
Iain Rae iainr@dcs.ed.ac.uk
Mon, 21 May 2001 09:41:19 -0700 (PDT)
> > I've done it. Yes, it is work. Doing it modularly will be even more work. > However, in order to do this right (not creating dependency hell), I > think it's the right way. (Kerberos would be a *whole* lot of work for > somebody wishing to incorporate that with modularity). can you point at any decent docs/examples I could take a look at? I was thinking of digging through the cyrus-imap or <winces>samba code. > > Just my $.02. > > The easiest way would be to just add encryption using something like > cryptolib. Use DH to gen keys on both ends and then 3DES or IDEA > or blowfish or whatever to encrypt things. Then have a set of > #ifdefs in the appropriate place in the communication path to > initialize the session and before/after network reads/writes to > encrypt/decrypt. > > This is bare bones. It doesn't provide for man in the middle > prevention, it doesn't verify authenticaticity. It does prevent > passwords from transiting in the clear. Using something like this > with tcp_wrappers provides some additional protection at marginal > effort increment. In the first instance all I'm looking to is provide an encrypted channel between the various hosts, but if I'm going to do that I'd rather work the code to try and make it easier to add other systems and in the med-long term we'd (DCS) be looking for kerberos anyway so anything I'd do would have one eye on that. I was also thinking that you would probably want something that didn't require an infrastructure to fall back on, not much point in having kerberos if it's your kerberos servers you're trying to get to the consoles of. This pretty much ties you to a modular system from the start ( if your bare-bones system above doesn't work do you drop back to cleartext or drop the connection). -- Iain Rae Tel:01316505202 Computing Officer JCMB:2148 Division of Informatics The University of Edinburgh