[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: .k5command -- new stuff for rsh
We have a very specific application here which uses this feature
of ssh; we run aide on all our hosts by uploading a fresh aide
binary and configuration file and pulling the resulting database
back to the server for analysis. This is not a bullet-proof solution
but it keeps us from running around with diskettes all the time.
I firmly believe that the .k5command-feature is capable of much
improvement but as for roles and authrization we plan to use
for the two tasks performed by our remote-aide scripts. This looks
roughly equivalent (apart from the per-ip authorization) to what is
available in ssh today.
Having said that I agree with Brian that more thought should be put
into creating a good authorization and policy framework for kerberos.
I am not sure that it has anything to do with spki though... Beeing
of that persuation myself ;-) I tend to believe that policy and
authorization info belong in directories.