Re: PAM Authentication Patch
From: Chad Walstrom
Subject: Re: PAM Authentication Patch
Date: Sun, 20 Jun 2004 12:39:08 -0500
User-agent: Mutt/1.5.5.1+cvs20040105i

Mark D. Baushke wrote:
> The biggest problem I have with PAM support for gnatsd is that you
> will now be sending a credential across the network in the clear which
> is presumably able to be used as a credential outside of gnats. This
> could lead to a simple password replay attack to gain access to
> systems by unauthorized individuals or their agents.
>
> I strongly urge you to first include and enable SSL (or TLS) support
> in gnatsd before you allow PAM to be used to authorize connections.

Agreed. This is definitely something that should get on the TODO list
for gnatsd. Alternatively, there are ways of tunneling TCP connections
over secure channels, so I don't think the lack of gnutls integration
should exclude the PAM patch.

We should make it abundantly clear in the documentation that use of PAM
authentication should be thoroughly protected. If such measures cannot
be taken, don't enable PAM.

--
Chad Walstrom <address@hidden> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */