Re: FAS and public Key auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu May 22 2008, Mike McGrath wrote:
> On Thu, 22 May 2008, Jeremy Katz wrote:

> > And the risk isn't increased by us allowing third-party groups to do
> > auth via FAS.  This risk is present whenever any user logs in to another
> > machine with agent forwarding.  Which is requested by the user/client --
> > not the machine being logged into
>
> The risk does increase as far as targeting goes though.  If you were to do
> this type of attack right now, how would you go about doing it and what
> machines would you use?  If we start allowing third party machines that
> have basically no barrier to entry it becomes much easier to plan and
> execute the attack.

One can still provide services to Fedora maintainers without using FAS, e.g. a 
ppc machine that can be used by maintainers to debug their package on that 
arch. Then the maintainers would send their ssh public key by themself to the 
administrator of the machine.

Regards,
Till

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux