Re: TODO: GNU TLS - Mailing list pgsql-hackers

From David Fetter
Subject Re: TODO: GNU TLS
Msg-id 20061230151550.GH3332@fetter.org
In response to Re: TODO: GNU TLS  (Stephen Frost <sfrost@snowman.net>)
Responses Re: TODO: GNU TLS
List pgsql-hackers
On Fri, Dec 29, 2006 at 08:12:47PM -0500, Stephen Frost wrote:
> * Joshua D. Drake (jd@commandprompt.com) wrote:
> > > We use it on some of our production systems (since it can
> > > provide cracklib, password expiration, etc, and the postgres
> > > instance inside its own vserver so it doesn't hurt as much to
> > > make the passwd/shadow files available to it...).  I'd be happy
> > > to help you get it to work if you'd like, and I could even
> > > provide you with some PG/C functions to use password changing
> > > and password aging. :)
> > 
> > Oh, I am sure it is great. I have just never tried that hard to
> > get it to work :)
> 
> Oh, I never said it was great, just said that we used it since PG
> doesn't directly provide the things we need (cracklib, password
> aging, etc).

It's never been clear to me how these things in particular are good
security measures, but that's a whole different discussion.

> > > > I do like --with-ldap because it is pretty much standard
> > > > within directory lookups by the nature of Active Directory.
> > > 
> > > Funny you like LDAP but not Kerberos, both of which are part of
> > > Active Directory...  Using LDAP simple binds to AD for
> > > authentication is *quite* silly and *much* less secure than
> > > using Kerberos...
> > 
> > Yes but LDAP gives me a lot of other things, easily and it has
> > SSL. SSL + Firewall gives me 98% of the security I need.
> 
> Unfortunately, security isn't a game of percentages.

Security is *precisely* a game of percentages.  There is a lot of
silly voodoo running around in among amateurs tasked with security.
The silliest usually involves the "tall fencepost" model, which is the
diametric opposite of the "weakest link" model.  One example of "tall
fencepost" security would be hyper-strong crypto applied by
demoralized employees with bad will.  Attackers just *love* "tall
fencepost" security.  

> Hopefully you'll never have a server compromised which is then used
> to capture passwords which can then be used to jump to other
> systems...

Yeah, it's good to think about cascading failure modes.

> Kerberos is there and it's not too hard to use (though does depend
> on the MIT Kerberos for Windows service currently).  Supporting
> SSPI/GSSAPI and then writing a small document on how to generate
> Windows keytabs for Postgres would mean single-sign-on for Windows
> users using applications which use libpq...

Sounds like a nice feature :)

Cheers,
D
-- 
David Fetter <david@fetter.org> http://fetter.org/
phone: +1 415 235 3778  AIM: dfetter666  Skype: davidfetter

Remember to vote!
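The trade-off the thread argues over (LDAP simple binds to Active Directory over SSL versus Kerberos/GSSAPI, and what a compromised server can harvest under each) can be made concrete in `pg_hba.conf`. The fragment below is an added illustration and is not from this thread or from the PostgreSQL project; it assumes the `pg_hba.conf` syntax of current PostgreSQL releases (the `ldaptls` option and the `gss` method postdate this 2006 discussion), and the host, realm and network values are placeholders.

```conf
# pg_hba.conf -- added illustration, not from the thread (placeholder values).

# Weak: LDAP simple bind to AD, bind traffic in the clear.
# The client sends its password to PostgreSQL, which relays it to the
# directory unencrypted. The password is reusable, so a compromised
# PostgreSQL host or anyone on the path to AD can collect credentials
# that also open other systems (the cascading failure the thread raises).
hostssl  all  all  10.0.0.0/8  ldap ldapserver=ad.example.internal ldapprefix="EXAMPLE\"

# Better: same method, but the bind to AD is wrapped in TLS (StartTLS).
# The wire between PostgreSQL and AD is protected; the PostgreSQL server
# itself still handles the cleartext password, so a compromised server
# can still capture it.
hostssl  all  all  10.0.0.0/8  ldap ldapserver=ad.example.internal ldaptls=1 ldapprefix="EXAMPLE\"

# Kerberos/GSSAPI (SSPI on Windows clients): the client presents a
# service ticket instead of a password. No reusable secret reaches
# PostgreSQL, so a compromised server cannot harvest credentials for
# lateral movement. The server needs a keytab for its service principal
# (e.g. postgres/db.example.internal@EXAMPLE.INTERNAL) referenced by
# krb_server_keyfile in postgresql.conf.
hostssl  all  all  10.0.0.0/8  gss include_realm=0 krb_realm=EXAMPLE.INTERNAL
```

`hostssl` on every line covers the client-to-server "SSL" part that the thread already assumes; the difference between the three lines is only what the PostgreSQL host can see. When reviewing an existing `pg_hba.conf`, look for `ldap` entries without `ldaptls=1` (or an `ldaps` scheme) first, then weigh whether the remaining `ldap` entries can be moved to `gss`/`sspi` so that the server never handles a reusable password at all.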

