[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Useful utility?
Black Unicorn <[email protected]> writes:
>> I've been hearing a lot of complaints from sysadmins who I try to convince
>> to run SSH lately.
>>
>> "Key management is too difficult."
>> "I cant keep track of all that stuff."
>>
>> I think that an interesting answer might be a ssh key issuing "robot." or
>> vending machine of sorts.
>>
>> It might works something like this.
>>
>> [ details omitted ]
>>
>> Comments?
It sounds like you've basically reinvented Kerberos, at least from a
key management perspective. If you consider some of the pk extensions
to Kerberos which have been proposed recently, it's even vaguely
similar cryptographically.
SSH is great if you control everything in your environment, and if the
number of users and endpoints is small. But as these parameters grow
and change, Kerberos is more useful, because it scales more easily.
What would be truly useful would be to combine the different
approaches, so that you could use whichever mode was most appropriate
to your environment. This is possible, but the details are subtle,
and would probably make backward compatibility difficult.
Marc