[CentOS] NIS or not?

Wed Jan 29 10:30:47 UTC 2014
Sorin Srbu <Sorin.Srbu at orgfarm.uu.se>

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Jeffrey Hass
> Sent: den 29 januari 2014 11:11
> To: CentOS mailing list
> Subject: Re: [CentOS] NIS or not?
>
> Almost forgot, //Sorin:
>
> SSL uses public key cryptography:
>
>  1. You (or your browser) has a public/private keypair
>  2. The server has a public/private key as well
>  3. You generate a symmetric session key
>  4. You encrypt with the server's public key and send this encrypted
>     session key to the server.
>  5. The server decrypts the encrypted session key with its private key.
>  6. You and the server begin communicating using the symmetric session
>     key (basically because symmetric keys are faster).
>
> Kerberos does not use public key cryptography. It uses a trusted 3rd
> party. Here's a sketch:
>
>  1. You both (server and client) prove your identity to a trusted 3rd
>     party (via a /secret/).
>  2. When you want to use the server, you check and see that the server
>     is trustworthy. Meanwhile, the server checks to see that you are
>     trustworthy. Now, mutually assured of each others' identity. You can
>     communicate with the server.
>
>
> I'm always nervous about 'trusted third parties..' Can you imagine..
> That's what holds our credit cards and such,
> like, um, at Target.. the trusted 'third-party...' Damn, people really
> go for that??? See, it's a hard call, isn't it??
>
> // weigh it all out... //  and make sure you get buy in and put the
> DISCLAIMERS in your documentation and on the Wiki's because
> it will come back to you at some point ..... if it ever goes down...
>
> BEWARE of anything related to Security solutions on the Net -- because
> most don't have more than three or four years experience.
> Most.

Thanks for your insights. Appreciated.

My boss just looks funny at me when I ask him about security and has he 
considered all those post-Snowden details. 8-)

I've begun dabbling a bit with SSL while I did the Owncloud-testing and 
running.
--
//Sorin