Re: [Gnumed-devel] GNUmed options for security (authentication) includin

gnumed-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] GNUmed options for security (authentication) includin

From:	syan tan
Subject:	Re: [Gnumed-devel] GNUmed options for security (authentication) including kerberos
Date:	Sat, 16 Dec 2006 11:01:39 +1100

I will rewrite this, as it was a bit rushed. 
Start with making bind work.

On Fri, 2006-12-15 at 09:26 -0800, J Busser wrote: 
> I was looking over some wiki pages and came across
> 
>       http://salaam.homeunix.com/bin/view/Gnumed/ 
> DebianKerberosLDAPBindGnumedWalkthrough
> 
> Am I correct that a browser based client (like Oscar) --- if required  
> to use https --- avoids interception (in the clear) of the user's id  
> and password at any point along the network?
> 
> Am I correct to think that when one accesses a GNUmed server that was  
> set up following the basic installation procedures, there is no  
> protection against such interception, unless extra measures (like  
> kerberization of the server as per Syan's notes) are taken?
> 
> If skipping this step or equivalent could be considered poor practice  
> (poor protection of access to patient data) then must we make some  
> reference to this in the installation notes?
> 
> Related questions:
> 
> - are there any extra dependencies for client machines to access  
> kerberized GNUmed or do the basic installations of Linux distros and  
> Windows include support for kerberos so the user would need set up  
> nothing extra on the client machine(s)?
> 
> - when adding a new office worker or doctor into kerberized GNUmed  
> would each new person somehow have to be separately registered with  
> kerberos? Would this require user maintenance of a public and private  
> key separate from their GNUmed userid & password?
> 
> - though some recommend the kerberos server run no other processes  
> would people feel it is reasonable to run postgres and to serve  
> GNUmed on the same server? Are there additional process that people  
> feel should run on the same server or on a different machine, for  
> example the fetching of results and the handling of email...  
> different machine??? Would running different virtual machines on the  
> same physical machine be a good way to achieve what is desirable,  
> supposing data could be "pushed" across the machines as required?
> 
> 
> 
> 
> 
> _______________________________________________
> Gnumed-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/gnumed-devel
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnumed-devel] GNUmed options for security (authentication) including kerberos, J Busser, 2006/12/15
- Re: [Gnumed-devel] GNUmed options for security (authentication) including kerberos, syan tan <=
- Re: [Gnumed-devel] GNUmed options for security (authentication) including kerberos, syan tan, 2006/12/16
- Re: [Gnumed-devel] GNUmed options for security (authentication) including kerberos, Karsten Hilbert, 2006/12/16

Prev by Date: [Gnumed-devel] GNUmed options for security (authentication) including kerberos
Next by Date: Re: [Gnumed-devel] GNUmed options for security (authentication) including kerberos
Previous by thread: [Gnumed-devel] GNUmed options for security (authentication) including kerberos
Next by thread: Re: [Gnumed-devel] GNUmed options for security (authentication) including kerberos
Index(es):
- Date
- Thread