On Mon, 2007-10-15 at 16:01 -0400, Karl MacMillan wrote:
> If you plan to use this cert infrastructure more broadly then my
> concerns about the weaknesses grow quite a bit.

We can use the cert signing portion of the infrastructure for whatever needs help communicating with certificates as auth.

examples:
- yum can use the certs to talk to mod_auth_cert on apache to have authenticated access to repositories
- nagios can use it as a transport mechanism to do system checks and to send alerts
- cacti can use it as a better-authenticated way to gather system stats
- puppet can use the certs as it does currently.

> But ssh would just be the transport / authentication mechanism that
> could be hidden. It could immediately exec a bit of python code that has
> the good parts of your current system.

and then we don't get the benefit of the above, and we get to wrestle with various layers in between.

-sv