[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Open LDAP and SNMP
On Wed, 9 Apr 2003, vadim tarassov wrote:
> Michael Ströder wrote:
>
> > Mark H. Wood wrote:
>
> Hallo everybody,
>
> damned, still did not have time to take care of this thing .....
> Regarding security ..... Look, there are several simple things one
> should admit
>
> 1) It is up to you to make your network secure. In general, as soon as
> "start TLS" is considered as secure, SNMP set up in proper way may be
> considered to be secure too. Look, considering SSL or "start TLS" as
> secure mainly indicates that you forgot for a moment that OpenLDAP
> expectes unencrypted private key on a file system. I wonder if you
> managed to pass through any meaningful auditing .... Keeping this in
> mind I would like to propose to omit further discussion on this subject.
>
> 2) It is up to you to use SNMP as a management tool or not. It is the
> same as with monitor backend - you either have it or not. You decide to
> have it or not via configure script.
>
> 3) As soon as you trust your employees the possibility to administrate
> something over SNMP is definitly cool thing. It does not make your setup
> more insecure as it is absolutely insecure already (see p.1), however
> makes it more handy.
>
Why do you need an approval/agreement from others? You must be unsure
about it. Write the code and submit the code to the openldap communuity.
If it is really 'cool' or most imporatantly useful, it'll make it to the
distro.
--
Igor