SYSKEY2. Request For Comments

Simon Lodal simonl at mirrormind.com
Mon Feb 7 22:40:53 GMT 2000


> > So the real problem has now turned out to be that we are using other
> > protocols that someone might be able to listen on, over the wire?
>
> YES.  [thank you for noticing.  no one else has].

Thank you for clarifying :)


> > probably in the disk drive. How disciplined would you be? So when a
>
> that's their problem, not ours.

I think it's ours. The human factor is the biggest source of vulnerability
in any system. If we can do anything to minimise the risk of human failure,
we should do so. At least don't force users to need an external disk (I
don't understand from the discussion if users will be forced to do this, or
if it's an easy option).


Also I have a bad feeling about SYSKEY2 for another reason. It is all about
implementing yet another security scheme which will surely be incompatible
with others in some way. Also it will demand sysadms to learn and maintain
yet another security measure. I feel so much better about generic methods,
such as running everything over ssh or the like (don't know if that's at all
possible or relevant here).


Regards,

Simon






More information about the samba-ntdom mailing list