[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAPv3: The OpenLDAP/Kerberos/SASL soup (was Kerberos andDIGEST-MD5)

* Howard Chu (hyc@symas.com) [040730 02:28]:
> I don't think that's the main purpose of the LDAP-enabled KDC, 

what is the main purpose? please enlighten me. (c:

> >But people tell me that this idea is against the spirit of
> >kerberos. (An alternative idea for MIT Kerberos would be ssh keys
> >without passphrases for every server and automatic distribution
> >over ssh.)
> And then you've solved your Kerberos key distribution problem by turning 
> it into an ssh key distribution problem. Not exactly a step forward.

i agree. and at least ldap is *designed* to distribute
information in the network, while ssh is not.

> In all of the available security solutions you always have a 
> bootstrapping problem. I guess using SSL may be the easiest approach - 
> you can distribute the CA certificate over a cleartext session, and then 
> use secure sessions from then on. This assumes that no one is spoofing 
> your cleartext LDAP service and substituting their own CA cert in the 
> stream, of course. Otherwise, the only sure way to bootstrap is to 
> physically transport (e.g., CF 


> or floppy disk) a trusted cert to every 
> client machine and load it manually.

why would a stolen certificate, transmitted in the clear be no
problem? would you encode some special info (which? the server`s
IP?) into the SubAltName to make it worthless for the thief?
the initial cert could be valid for a very short time (the
bootstrap process), but that would just decrease the time window
for an attack.

Would you move/copy the servers` private keys (which were needed to
generate there servers` certs) onto the servers once a privat
channel is established?