Re: TODO: GNU TLS

From: David Fetter <david(at)fetter(dot)org>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, mark(at)mark(dot)mielke(dot)cc, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz>
Subject: Re: TODO: GNU TLS
Date: 2006-12-30 15:15:50
Message-ID: 20061230151550.GH3332@fetter.org
Lists: pgsql-hackers

On Fri, Dec 29, 2006 at 08:12:47PM -0500, Stephen Frost wrote:
> * Joshua D. Drake (jd(at)commandprompt(dot)com) wrote:
> > > We use it on some of our production systems (since it can
> > > provide cracklib, password expiration, etc, and the postgres
> > > instance inside its own vserver so it doesn't hurt as much to
> > > make the passwd/shadow files available to it...). I'd be happy
> > > to help you get it to work if you'd like, and I could even
> > > provide you with some PG/C functions to use password changing
> > > and password aging. :)
> >
> > Oh, I am sure it is great. I have just never tried that hard to
> > get it to work :)
>
> Oh, I never said it was great, just said that we used it since PG
> doesn't directly provide the things we need (cracklib, password
> aging, etc).

It's never been clear to me how these things in particular are good
security measures, but that's a whole different discussion.

> > > > I do like --with-ldap because it is pretty much standard
> > > > within directory lookups by the nature of Active Directory.
> > >
> > > Funny you like LDAP but not Kerberos, both of which are part of
> > > Active Directory... Using LDAP simple binds to AD for
> > > authentication is *quite* silly and *much* less secure than
> > > using Kerberos...
> >
> > Yes, but LDAP gives me a lot of other things easily, and it has
> > SSL. SSL + Firewall gives me 98% of the security I need.
>
> Unfortunately, security isn't a game of percentages.

Security is *precisely* a game of percentages. There is a lot of
silly voodoo running around in among amateurs tasked with security.
The silliest usually involves the "tall fencepost" model, which is the
diametric opposite of the "weakest link" model. One example of "tall
fencepost" security would be hyper-strong crypto applied by
demoralized employees with bad will. Attackers just *love* "tall
fencepost" security.

> Hopefully you'll never have a server compromised which is then used
> to capture passwords which can then be used to jump to other
> systems...

Yeah, it's good to think about cascading failure modes.

> Kerberos is there and it's not too hard to use (though does depend
> on the MIT Kerberos for Windows service currently). Supporting
> SSPI/GSSAPI and then writing a small document on how to generate
> Windows keytabs for Postgres would mean single-sign-on for Windows
> users using applications which use libpq...

Sounds like a nice feature :)

Cheers,
D
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
phone: +1 415 235 3778 AIM: dfetter666
Skype: davidfetter

Remember to vote!
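The LDAP-simple-bind versus Kerberos point made in the thread above, shown as two contrasting pg_hba.conf entries. This is an added illustration, not configuration from the thread or from the PostgreSQL project; it uses the pg_hba.conf `ldap` and `gss` methods from PostgreSQL releases later than this 2006 discussion, and the host names, base DN, realm and network range are made-up placeholders.

```conf
# Added illustration (not from the thread): two pg_hba.conf entries contrasting
# an LDAP simple bind with Kerberos/GSSAPI single sign-on.
# Assumed placeholder values: ldap.example.com, dc=example,dc=com,
# the realm EXAMPLE.COM and the client network 10.0.0.0/8.

# TYPE   DATABASE  USER  ADDRESS      METHOD  OPTIONS

# (a) LDAP simple bind: the "LDAP + SSL" approach discussed above.
# libpq sends the cleartext password to the PostgreSQL server, which then
# binds to the directory with it. A compromised PostgreSQL host therefore
# sees every password that passes through it, which is exactly the
# cascading failure described in the thread. hostssl protects the client
# hop and ldaptls=1 (STARTTLS) protects the hop to the directory, but
# neither keeps the password away from the database server itself.
hostssl  all       all   10.0.0.0/8   ldap    ldapserver=ldap.example.com ldapprefix="cn=" ldapsuffix=", ou=people, dc=example, dc=com" ldaptls=1

# (b) Kerberos via GSSAPI. The client obtains a service ticket for
# postgres/<server-hostname>@EXAMPLE.COM from the KDC and presents that;
# no password ever reaches the PostgreSQL server, so compromising it
# yields no reusable credential for other systems. The server side needs
# a keytab holding that service principal (server parameter
# krb_server_keyfile). Windows clients use the sspi method, which plays
# the same role on top of the native Windows Kerberos stack.
hostssl  all       all   10.0.0.0/8   gss     include_realm=0 krb_realm=EXAMPLE.COM
```

Read the two entries against the "weakest link" model from the message: with entry (a) the database host is a link that holds every user's password in the clear for a moment; with entry (b) that link simply does not exist, which is why an encrypted channel and a firewall do not make the two equivalent.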
