Return-Path: X-Original-To: apmail-karaf-dev-archive@minotaur.apache.org Delivered-To: apmail-karaf-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 628C8928D for ; Sat, 26 May 2012 13:32:44 +0000 (UTC) Received: (qmail 95944 invoked by uid 500); 26 May 2012 13:32:44 -0000 Delivered-To: apmail-karaf-dev-archive@karaf.apache.org Received: (qmail 95921 invoked by uid 500); 26 May 2012 13:32:44 -0000 Mailing-List: contact dev-help@karaf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@karaf.apache.org Delivered-To: mailing list dev@karaf.apache.org Received: (qmail 95913 invoked by uid 99); 26 May 2012 13:32:44 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 May 2012 13:32:44 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of gnodet@gmail.com designates 209.85.210.48 as permitted sender) Received: from [209.85.210.48] (HELO mail-pz0-f48.google.com) (209.85.210.48) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 May 2012 13:32:40 +0000 Received: by dadz8 with SMTP id z8so2770324dad.21 for ; Sat, 26 May 2012 06:32:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=bZdpeclaY8I/hAeyNupuz2v966GHhyTz3pk6mCZ55Dg=; b=rh49Za2V7QtClpAmpVH5on0RV1gGnjk+Q96RMZo1QvZB2Gy0hiueCJ422dO0SbDsIj LEKxDeXgLBZ9RQnmMqAej9PxMyDzgYj4lODEiERBNhEcg7TCkEN8L+hXvScioZm73gUK 7TkR5UrkJnHfExGV1xSEisu6P2KeGjUh2KFK7FBJ7+1iBbIYFbTwt+m3BWaGnA1PGpFG s8GNvojul3+r9exYGClyKAUCADy2Wr5JuQUBdqETACrk2q+9LsvemTNqfKKG+efeS5i1 OWjlqMoYZksDkn63CJOS8t4+g/dqDT8FH8zGuHcAgVNF9dL8DilSd71lYousC0caNruV iUrg== MIME-Version: 1.0 Received: by 10.68.228.200 with SMTP id sk8mr7869653pbc.94.1338039139436; Sat, 26 May 2012 06:32:19 -0700 (PDT) Received: by 10.142.79.20 with HTTP; Sat, 26 May 2012 06:32:19 -0700 (PDT) In-Reply-To: <4FC0CB01.6060402@die-schneider.net> References: <4FC0CB01.6060402@die-schneider.net> Date: Sat, 26 May 2012 15:32:19 +0200 Message-ID: Subject: Re: [HEADS UP] Ssh agent and key authentication support From: Guillaume Nodet To: dev@karaf.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Karaf can only generate a private key for the user which is actually running karaf, not for others. The reason is that private keys need to be only readable by the user, and only the user (or an admin) could do that. Also, I really don't think Karaf should mess with the ssh setting of the OS at all. If we want to integrate with the OS, that is doable (but that's a different problem) using PAM. SSHD has a sshd-pam module which I started a while ago, but didn't really finished for lack of a good java pam library with java. And also because I doubt people would really want to use that in production (I have never seen such a requirement yet). It could also be done using Kerberos, but that's not something which should be enabled by default. I don't think we should make things more complicated than they are. The security mechanism of Karaf rely on JAAS, so it's really pluggable. The default implementation provided by Karaf should be simple enough that it can support being secured and easily manageable. I don't think it should be tied to the OS or even try to be the best security system. There are very good products that already do that and that's not really Karaf goal, it should just be able to integrate with those using LDAP for example (so I guess at some point, we need an LDAP login module for key based authentication). One thing I really focus on is ease of use. At dev time, we want Karaf to be the easiest to use as possible. So that people can actually download karaf, try and experiment without being bugged by too many things to do and understand to be able to try things. Having a secured security system by default would also be a problem when writing system tests that use multiple instances too. At prod time, we want Karaf to be easily secured. Changing the etc/users.properties and etc/keys.properties to secure Karaf really seem a good compromise to me, in conjunction with a big red warning when Karaf is started in dev mode. Christian, even if Tomcat changed its default security to be more secured, I don't think we should do the same. Karaf is (by far) not as popular as Tomcat, and Tomcat does not have the same need as Karaf, i.e. be able to propagate security tokens from an instance to another. And if we want Karaf to become popular, once again, we need to be the easiest to use, which means, you should start it and it should just work. On Sat, May 26, 2012 at 2:22 PM, Christian Schneider wrote: > It is unix specific but on that platform it really might make sense to us= e > the user keys and hosts. > As we need a safe place for at least the private keys I think it makes se= nse > to use the user dir for them. > So we could just use the directory structure that ssh uses. > > On windows these directories would not be there but we could still use th= e > same structure. > > Christian > > Am 25.05.2012 22:03, schrieb Guillaume Nodet: > >> That's unix specific and we have windows users ... >> >> On Fri, May 25, 2012 at 9:13 PM, Ioannis Canellos >> =A0wrote: >>> >>> I may lost some bits, but couldn't we just reuse the users keys and >>> authorized hosts, instead of creating, adding or removing? >>> >>> -- >>> *Ioannis Canellos* >>> * >>> FuseSource >>> >>> ** >>> Blog: http://iocanel.blogspot.com >>> ** >>> Twitter: iocanel >>> * >> >> >> > > > -- > > Christian Schneider > http://www.liquid-reality.de > > Open Source Architect > Talend Application Integration Division http://www.talend.com > --=20 ------------------------ Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ FuseSource, Integration everywhere http://fusesource.com