Minimal Install Option
Chris Ricker
kaboom at gatech.edu
Thu Aug 21 17:21:53 UTC 2003
On Thu, 21 Aug 2003, Bill Anderson wrote:
> > Just for a few examples:
> >
> > > krb5-workstation
> >
> > might be good on a router -- give you secure in-band management capabilities
>
> The package itself in it's description says it is for workstations.
Wrong one. I wanted pam_krb5, which was also on your list. Makes sense on
interior routers (as might ssh, for the same reasons/uses), doesn't on
exterior.
> > I definitely want this on a router
>
> Why? Why should a router/firewall be downloading web pages, etc.?
to download files to it when I'm setting it up, patching it, etc.
> > > A minimal install should provide no external services beyond SSH,
> > > especially when listed as a firewall/router install.
> >
> > a firewall shouldn't provide any external services. manage them out-of-band
>
> I'm not sure you are disagreeing with me here. Are you saying don't
> remote log in to a firewall at all, or are you agreeing with me?
I'm disagreeing. The last thing a fw should do is run a service, let
alone one with the security history of ssh.... Manage over serial.
later,
chris
More information about the test
mailing list