[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Identity (SSH Key) Management in Linux
> What's practical for the slightly overprotective home user behind a
> firewall and providing "always on" content/services to random internet
> users? Is "trust the firewall completely" "good enough" to use
> convenient, lax policies inside the firewall?
Pretty much, IMHO. If you really wanna put the keys in a central
repository, I like Jeff's suggestion of using an LDAP DB (or some other
easily replicable DB system, like MySQL) with a live replica and a
periodic removable archive.
I don't like the idea of storing all keys in any single place at all,
personally, that just seems to be screaming out for abuse. If you start
putting home directories on a central network file server (not
specifically NFS, though) or partition, and symlink in the distro-specific
parts of the directory, then you can leave the keys in the "common" part
or the home directories. I guess that's not really much more secure than
putting them in the user's LDAP entry as an extra attribute, but it feels
that way... :)
--Danny, mostly just musing...
-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.