So func looks interesting and I wanted to ask a few questions about potential integration w/ LDAP and kerberos (and freeipa.org).

 * Any chance you would be interested in supporting kerberos in addition to certificates? The main advantage here is that you would be able to authenticate specific users or services on other systems more easily.

 * For later versions of freeipa we plan to do machine identity. With that you would have a list of machines stored in ldap, groupings of those machines, and already have certs / kerberos principals to identify those machines. It would also enable you to obtain additional certs / principals for the func service securely.

   Speaking of which, it looks like you currently have clients automatically obtain certificates from the master server without authenticating the master server in any way. This seems like a security hole. Basically - if a rogue master server can spoof the master on the network (which would be easy) I can intercept registration requests, issue a cert, and fully control all of the other systems. It could even communicate with the real master and become a man-in-the-middle. There are a number of solutions to this, obviously, but freeipa will hopefully provide some in the future.

 * Another security concern - is the funcd on the clients trusted to perform all of the actions? This will make it a huge target for attacks. Could you instead exec helper applications? This would also allow you to run the helper applications with lower privileges - either in a specific selinux context, have it drop some capabilities before exec of the script, or even as an unprivileged user.

Karl
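The enrollment concern above (a client accepting a certificate from whichever host answers as the master) is usually closed by giving the client something out of band to check the master against before it sends a CSR. The following is an added illustration, not func's own enrollment code: a client that pins the SHA-256 fingerprint of the master's CA certificate, receives that fingerprint from provisioning rather than from the master, and refuses to enroll against a host presenting any other CA. The certificate bytes, hostnames and function names are constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded CA certificates. A real client would
# use the bytes the master presents during the enrollment handshake.
REAL_MASTER_CA = b"-----CONSTRUCTED CA CERT: genuine func master-----"
ROGUE_MASTER_CA = b"-----CONSTRUCTED CA CERT: spoofed master on the LAN-----"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of certificate bytes as colon-separated hex,
    the same shape tools such as openssl print."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pinned_fingerprint_from_provisioning() -> str:
    """The value the client trusts. In practice it is delivered by the
    provisioning path (kickstart, config management, or a machine-identity
    store such as the one the mail describes), never fetched from the master
    that is about to be verified. Hypothetical: here it is simply computed
    from the constructed genuine CA."""
    return fingerprint(REAL_MASTER_CA)


def verify_master(presented_ca_der: bytes, pinned: str) -> bool:
    """Accept the master only if its CA fingerprint equals the pinned value.
    compare_digest avoids leaking how many leading bytes matched."""
    return hmac.compare_digest(fingerprint(presented_ca_der), pinned)


def enroll(presented_ca_der: bytes, pinned: str) -> dict:
    """Simulated client-side enrollment decision: no CSR is sent and no
    returned certificate is stored unless the master's CA is the pinned one."""
    if not verify_master(presented_ca_der, pinned):
        return {"enrolled": False,
                "reason": "master CA fingerprint does not match pinned value"}
    # Only at this point would the client submit its CSR over the now-verified
    # channel and persist the certificate the master returns.
    return {"enrolled": True, "reason": "master CA fingerprint verified"}


if __name__ == "__main__":
    pin = pinned_fingerprint_from_provisioning()
    print("pinned  :", pin)
    print("genuine :", enroll(REAL_MASTER_CA, pin))
    print("rogue   :", enroll(ROGUE_MASTER_CA, pin))
```

The pin must travel by a path the rogue host cannot influence; if the client simply asked the master for its fingerprint and pinned that, the check would only make the second enrollment safe, not the first. Verifying the master is also only half of the exchange: the master still needs its own reason to trust the client's CSR (a one-time enrollment token or an existing machine principal), otherwise any host on the network can obtain a valid client certificate.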