Re: caml-crush in F22

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2015-04-02 at 16:18 +0200, Thomas Calderon wrote:
> Hi,

> Example of server process that are PKCS#11 compatible:
>   * Daemons:

It would be really useful to have a wiki which explains how to setup the
daemons with caml-crush. I've setup a temporary page at
https://fedoraproject.org/wiki/User:Nmav/caml-crush

> Of course wider support would be great (sshd, postfix, dovecot, etc),

sshd already uses privilege separation so the keys are already outside
the server context. Unfortunately it is one of the very few servers that
does that. Everything else would be nice to support it though.

> Now, in order to further isolate I would recommend the following
> approach:
> Take advantage of SoftHSM being SW to create as many "slots" as there
> are use-cases (one for Apache, one for strongswan, etc).

That's a nice approach. I'll enhance the command line tool to add/remove
slots on demand.

regards,
Nikos



--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux