systemd requires HTTP server and serves QR codes

Simo Sorce simo at redhat.com
Tue Oct 9 13:59:33 UTC 2012


On Tue, 2012-10-09 at 15:29 +0200, Lennart Poettering wrote:
> On Mon, 08.10.12 21:00, Ray Strode (halfline at gmail.com) wrote:
> 
> > Hi,
> > 
> > On Mon, Oct 8, 2012 at 1:07 PM, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> > 
> > > Correct. Note that this is not accessible at all, by default, and mostly
> > > a preview for now. Later on we will add http digest auth and proper TLS
> > > support (including client certs) if people want to control
> > > access. (thankfully, libmicrohttpd already implements auth+tls, so this
> > > is easy for us to provide).
> > I think negotiate-auth would be a really good feature here, since many
> > enterprise deployments use kerberos based SSO in their intranets.
> 
> well, this is really computers authenticating against computers, not
> users against computers. Hence I think kerberos/SSO is not really the
> most appropriate logic, since it's very user-bound, no?

Not *at all*, each computer has its own principal and keytab and can
use it to do mutual authentication to one another.
Although if possible I would support also using a syslog specific keytab
instead of using the host/fqdn one so that people can decide to give the
journal daemon access to a less sensitive key and not the main
credentials.
We can easily provision that service key to clients via FreeIPA if the
feature is used there.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


