help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfengine, firewall and security


From: Christopher Browne
Subject: Re: cfengine, firewall and security
Date: Thu, 09 Nov 2000 22:30:48 -0600

On Thu, 09 Nov 2000 11:46:42 +0100, the world broke into rejoicing as
"Patrice GUERLAIS" <patrice.guerlais@echo.fr>  said:
> has anybody ever tried to use cfengine through a firewall without
> compromising security ? I mean, keep the reference server protected
> behind a firewall, and synchronize clients located both inside and
> outside the firewall.

There seems to me to be considerable merit to the idea of using rsync
to distribute the files; that provides two things:

 a) rsync already knows how to do strong authentication using RSA;

 b) rsync can cope well minimizing the traffic required, pushing out
    only those portions of files that have changed.

It would be eminently sensible for cfengine to be used to move into
place the initial authentication information for rsync, and then to
invoke rsync to pull datafiles.
--
(concatenate 'string "cbbrowne" "@ntlug.org") <http://www.hex.net/~cbbrowne/>
Rules of the Evil Overlord #15. "I will never employ any device with
a digital countdown. If I find that such a device is absolutely
unavoidable, I will set it to activate when the counter reaches 117
and the hero is just putting his plan into operation."
<http://www.eviloverlord.com/>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]