
client


Posted Jan 9, 2007 21:56 UTC (Tue) by jhardin@impsec.org (guest, #15045)
In reply to: client by ccyoung
Parent article: NuFW: Single sign-on meets firewall (Linux-Watch)

> "On the PC side, users need to use a client program"
>
> even cooler would be if it could use a browser to login.
> would this be possible?

Probably not. At a guess without looking at the actual tools, the PC client program serves to map ports to users and/or programs. Simply logging in via a browser wouldn't achieve this.

I can see the need for this on Windows, but what I don't understand is why on *nix they didn't just leverage the existing identd?



identd

Posted Jan 9, 2007 22:05 UTC (Tue) by rfunk (subscriber, #4054) [Link] (2 responses)

Because identd is untrustworthy. Why believe what the client machine tells you?

identd

Posted Jan 10, 2007 1:43 UTC (Wed) by dlang (guest, #313) [Link] (1 responses)

But that's exactly what this proposal does. They use their own client-side piece instead of identd, but in both cases they are relying on the client to tell the firewall what userid the packet belongs to.

identd

Posted Jan 10, 2007 2:45 UTC (Wed) by drag (guest, #31333) [Link]

I have no clue how this works... but isn't there going to be a shared secret?

Like with Kerberos you have the client tell the server what the user is, but only the user and the kadmin server are going to know the password required to encrypt then decrypt the initial ticket. (Then the credentials are stored in a temporary file where they are valid for 8 hours or so.)

