The fedora directory server is one piece of the larger
identity/security problem the hurricane team inside RH is tackling.
Other major pieces include CA bits, a number of
components for dealing with smart cards, and work on client-side
software such as thunderbird and nss. Most of these are open source
(and the ones that aren't are at least moving in that direction), but
we haven't built any sort of public visibility for the other bits....
I think one of the problems that becomes painfully obvious when n3wbz
start playing with a directory server is that it's really a pretty
low-level nitty gritty component, and you have to know what you want
to do with it today (which, coincidentally, mostly involves
authentication, identity, credentials, etc, not so much the "storing
data" part). We want to take many of the things people are finding the
directory server useful for, and make those goals really direct and
easy to achieve.
That's what we're working toward now with realsecurity.org, which
we'll hopefully be throwing up in a week or two. This isn't going to
be some big polished thing yet, but hey, at least we're getting the
info out there, right? :-)
-Seth (interaction designer, red hat)
On 7/17/06, Mike Jackson <mj(a)sci.fi> wrote:
Seth Nickell wrote:
> I'm building up a list of general, problematic security
> vulnerabilities that are common across computer networks today.
> Hopefully we'll be able to explain how to target many of these on the
> realsecurity website (so I have a bias for problems that can be
> tackled using the DS/CS/smartcard combo, but we should open it up
> beyond that too). Would love for other people to jump in and add some
> (or discuss them in this thread).
How is this relevant to a directory server wiki, which is about a
directory server product and how to use it?
Out of the seven things you listed, all are common problems, and only
one can be mitigated by FDS features - the first one (password policy).
BTW, what is the realsecurity website, the one that says "coming soon"
in big green letters? Why didn't you just post these things there to