help-cfengine

Re: Bootstrapping


From: Nate Campi
Subject: Re: Bootstrapping
Date: Wed, 18 Feb 2004 12:13:23 -0800
User-agent: Mutt/1.3.28i

On Wed, Feb 18, 2004 at 05:59:36PM +0100, address@hidden wrote:
> 
> A fingerprint model is a possibility but then you have the
> issue of how to refer to the owners of those keys in the
> admit: ACLs. If you cannot know the IP address, then how do
> you do access control? Using random fingerprints would be
> very cumbersome to maintain.

Offhand I can't think of a way around it. With the mobile hosts, the
cfservd process they phone home to probably doesn't use a whole lot in
the way of admit: restrictions anyways. Most of the access control will
be whether or not the connection is allowed after key exchange, then yes
or no stuff in the admit sections (as in don't allow cfrunCommand but
allow anyone we allow connections from to copy any files we give cfservd
access to).

That's how it seems to me, anyways.
-- 
Nate

"A man who won't die for something is not fit to live." 
 -Martin Luther King, Jr.  
 
"The report of my death was an exaggeration." 
 -Mark Twain, After reading his own obituary, June 2, 1897  




