I'm not suggesting any change. Merely correcting a misstatement I
made earlier.
I believe the documentation already recommends best practice.
On Oct 10, 2007, at 10:53 AM, Magnus Hagander wrote:
> Tom Lane wrote:
>> "Henry B. Hotz" <hbhotz@oxy.edu> writes:
>>> You know, I don't know what I was thinking when I sent this. My
>>> apologies for the late correction.
>>>
>>> Anyone who has a copy of the "host" keys for a machine can
>>> manufacture kerberos tickets for the "host" service on that machine
>>> masquerading as absolutely anyone (including people who don't
>>> exist). Same for the "postgres" keys, and if the postgres server
>>> can
>>> steal the host keys (or vice versa) then it's even worse.
>>> [snip...]
>>
>> Maybe I'm too dense, but I don't see a conclusion here. Do we
>> need to
>> change our code, our docs, both, or neither?
>
> I don't think we do. If you use service keys per our documentation,
> you
> should be fine. And if someone owns your host keys, you lost already.
>
> //Magnus
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
