Date: Mon, 21 Jun 2004 07:25:00 -0000
From: Chad Walstrom
To: help-gnats@gnu.org
Message-ID: <20040620173908.GB13514@wookimus.net>
In-Reply-To: <93229.1087751132@juniper.net>
Subject: Re: PAM Authentication Patch

Mark D. Baushke wrote:
> The biggest problem I have with PAM support for gnatsd is that you
> will now be sending a credential across the network in the clear which
> is presumably able to be used as a credential outside of gnats. This
> could lead to a simple password replay attack to gain access to
> systems by unauthorized individuals or their agents.
>
> I strongly urge you to first include and enable SSL (or TLS) support
> in gnatsd before you allow PAM to be used to authorize connections.

Agreed. This is definitely something that should get on the TODO list
for gnatsd. Alternatively, there are ways of tunneling TCP connections
over secure channels, so I don't think the lack of gnutls integration
should exclude the PAM patch.

We should make it abundantly clear in the documentation that use of PAM
authentication should be thoroughly protected. If such measures cannot
be taken, don't enable PAM.

-- 
Chad Walstrom http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */