[ZODB-Dev] CHAP with ZEO

Toby Dickenson tdickenson@geminidataloggers.com
Thu, 24 May 2001 08:26:54 +0100


On 22 May 2001 13:17:16 -0400, Monty Taylor <mordred@inaugust.com>
wrote:

>Jeremy Hylton <jeremy@digicool.com> writes:
>
>>   MP> CHAP is sub-standard weak authentication?
>>
>> There is no question here.  People have been using Kerberos since the
>> last millennium :-).  For the kind of environment that Toby described,
>> it seems like a good solution.
>
>I'd love to see a kerberized ZEO. For that matter, why wouldn't
>ssh/stunnel work just as well.

Since you asked.....  ssh *will* stop anyone attacking the legitimate
ZEO connection, however it does not prevent anyone making their own
tcp connections to the ZEO server. That's why we need something like
Michel's CHAP for authentication.


This assumes the default configuration where the ZEO server listens on
all interfaces. So, let's change this so it listens only on a loopback
interface. The protection is better, but still very thin, and is
broken if.....
* the ZEO server is multi-user.
* any other service on the same machine is compromised.
* the machine runs a misconfigured proxy service.

In other words, it's OK if your ZEO server runs nothing other than ZEO
and ssh, but probably not otherwise.




Toby Dickenson
tdickenson@geminidataloggers.com
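The message above makes the point that an ssh tunnel protects the tunnelled ZEO connection but not the listening socket itself, and that binding the server to loopback only narrows the exposure. The following is an added example, not code from the thread or from ZEO/ZODB, of the check a defender would run to see which listeners on a host are reachable from other machines. It parses a constructed sample of `ss -ltn`-style output (the port numbers and addresses are made up for the example) and classifies each listener by the scope of its bind address.

```python
import ipaddress

# Constructed sample in the layout of `ss -ltn` output. It is not output
# captured from any real ZEO host; ports and addresses are illustrative.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:8100         0.0.0.0:*
LISTEN  0       128     127.0.0.1:8101       0.0.0.0:*
LISTEN  0       128     [::1]:8102           [::]:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       128     192.0.2.10:3128      0.0.0.0:*
"""


def split_host_port(local):
    """Split an ss 'Local Address:Port' field into (host, port).

    Handles both "0.0.0.0:8100" and bracketed IPv6 such as "[::1]:8102".
    """
    host, _, port = local.rpartition(":")
    return host.strip("[]"), int(port)


def classify_listener(host):
    """Return the reachability scope implied by a bind address.

    loopback-only       -> only processes on this machine can connect
    all-interfaces      -> any host that can route to this machine
    specific-interface  -> hosts on the network attached to that address
    """
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-interface"


def audit_listeners(ss_output):
    """Parse ss-style output and return (port, host, scope) for each LISTEN row."""
    results = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_host_port(fields[3])
        results.append((port, host, classify_listener(host)))
    return results


def exposed_ports(ss_output):
    """Ports that are bound to something other than a loopback address."""
    return sorted(port for port, _, scope in audit_listeners(ss_output)
                  if scope != "loopback-only")


if __name__ == "__main__":
    for port, host, scope in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{host}:{port} -> {scope}")
    print("exposed:", exposed_ports(SAMPLE_SS_OUTPUT))
```

On a real host the input would come from `ss -ltn` (or `netstat -ltn` on older systems). A ZEO port reported as `loopback-only` is still reachable by every local user and by any compromised service or misconfigured proxy on the same machine, which is exactly the residual risk the message lists; the audit only tells you what is reachable from the network, not who on the box can use it.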