Posted Jan 8, 2013 14:03 UTC (Tue) by epa (subscriber, #39769)
Posted Jan 8, 2013 14:42 UTC (Tue) by sbakker (subscriber, #58443)
Regarding the LDAP server being compromised or not, that depends on how well you protect/harden your LDAP server(s). I just don't see USB devices on each host scale very well and single sign-on is pretty much out of the question... Unless you attach your USB device to your LDAP server.
Also, how do you synchronise passwords in a HA environment? Given that the storage on the USB device is not accessible, it means you cannot make backups either. If the USB device breaks, that's it. Game over.
And, of course, you are assuming that the USB device has faultless security, and cannot be compromised itself. You still need to talk to it; over USB rather than IP, but buffers being buffers and programmers being programmers, I'm far from convinced there wouldn't be exploitable holes. Holes that would be that much harder to plug, because the device wouldn't (shouldn't!) allow you to fiddle with the firmware. Compare that to an apt-get/yum update to patch slapd.
Posted Jan 8, 2013 15:54 UTC (Tue) by epa (subscriber, #39769)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.