Re: Design Considerations for New Authentication Methods

From: mark(at)mark(dot)mielke(dot)cc
To: Magnus Hagander <mha(at)sollentuna(dot)net>
Cc: Richard Troy <rtroy(at)ScienceTools(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Martijn van Oosterhout <kleptog(at)svana(dot)org>, "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Design Considerations for New Authentication Methods
Date: 2006-11-02 22:20:22
Message-ID: 20061102222022.GA21234@mark.mielke.cc
Lists: pgsql-hackers

On Thu, Nov 02, 2006 at 10:48:29PM +0100, Magnus Hagander wrote:
> The same could apply to SSL cert based authentication, for users
> connecting from machines outside of my realm. Once you have "unlocked"
> the certificate, you can authenticate any number of times to any number
> of services that will accept this certificate *without* having to
> re-enter your password.

Why would you need to unlock it? An SSL certificate is effectively a password
stored in a file of length 1024 bits or whatever.

> This is both a convenience for the user, and a requirement if you use
> OTPs.

I don't understand the OTP part. Single sign-on is only a convenience.
Ability to resume a session (provided by SSL) or ability to login using
a smaller authentication token than a certificate can be used to provide
performance improvement.

If the requirement is that no password is provided, password + SSL
certificate is not an improvement. Any token based authentication system
should allow for the token to become invalid at any time, and require
re-authentication using the primary mechanism.

The benefit to Kerberos, from my perspective, is that it already exists,
and is widely used.

I prefer SSL certificates alone myself. All of my db passwords are randomly
generated anyways, and a 1024-bit randomly generated password is better than
a 64-bit password picked by a person at a keyboard. Having both isn't an
improvement I think. My own system at home uses RSA keys or SSH entry. I
don't bother with passwords anymore. If they can access my password, they
can access my certificate. If they can access my certificate, they can access
my password. Dual authentication models work better with very different
systems. For example, a USB key or digital display that I possess, and a
password that I know or have stored in a file.

Cheers,
mark

--
mark(at)mielke(dot)cc / markm(at)ncf(dot)ca / markm(at)nortel(dot)com __________________________
. . _ ._ . . .__ . . ._. .__ . . . .__ | Neighbourhood Coder
|\/| |_| |_| |/ |_ |\/| | |_ | |/ |_ |
| | | | | \ | \ |__ . | | .|. |__ |__ | \ |__ | Ottawa, Ontario, Canada

One ring to rule them all, one ring to find them, one ring to bring them all
and in the darkness bind them...

http://mark.mielke.cc/
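The point above about a token-based scheme needing to let a token become invalid at any time, with the client falling back to the primary mechanism, as an added Python sketch. This is not code from the thread or from PostgreSQL; the TokenStore and authenticate names, the HMAC-tagged token layout, the injectable clock and the constructed scenario in walkthrough are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time


class TokenStore:
    """Server-side store of short-lived session tokens (hypothetical).

    A token is only minted after the primary mechanism (here a certificate
    check the caller has already performed) succeeded. Every token has an
    expiry and can be revoked at any moment; any validation failure simply
    means "re-authenticate with the primary mechanism".
    """

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._mac_key = os.urandom(32)   # server-only key for token tags
        self._live = {}                  # token_id -> (principal, expires_at)
        self._clock = clock              # injectable so tests can move time
        self.ttl = ttl_seconds

    def _tag(self, token_id, principal):
        msg = f"{token_id}:{principal}".encode()
        return hmac.new(self._mac_key, msg, hashlib.sha256).hexdigest()

    def issue(self, principal):
        token_id = secrets.token_hex(16)
        self._live[token_id] = (principal, self._clock() + self.ttl)
        return f"{token_id}.{self._tag(token_id, principal)}"

    def validate(self, token):
        """Return the principal the token was issued to, or None."""
        try:
            token_id, tag = token.split(".", 1)
        except ValueError:
            return None
        entry = self._live.get(token_id)
        if entry is None:
            return None                  # unknown or already revoked
        principal, expires_at = entry
        if self._clock() >= expires_at:
            del self._live[token_id]     # expired: forget it
            return None
        if not hmac.compare_digest(tag, self._tag(token_id, principal)):
            return None                  # tag does not match: tampered
        return principal

    def revoke(self, token):
        self._live.pop(token.split(".", 1)[0], None)

    def revoke_principal(self, principal):
        for tid in [t for t, (p, _) in self._live.items() if p == principal]:
            del self._live[tid]


def authenticate(store, token, cert_principal):
    """One login attempt.

    token: session token presented by the client, or None.
    cert_principal: identity the primary mechanism established on this
    connection, or None if no certificate was presented or it failed.
    Returns (method, principal, token) or (None, None, None) on denial.
    """
    principal = store.validate(token) if token else None
    if principal is not None:
        return ("token", principal, token)
    if cert_principal is not None:
        # Token missing, expired, revoked or tampered: fall back to the
        # primary mechanism and mint a fresh token from it.
        return ("cert", cert_principal, store.issue(cert_principal))
    return (None, None, None)


def walkthrough():
    """Constructed scenario: cert login, token resume, revocation, expiry.
    Returns the sequence of methods that succeeded (None = denied)."""
    now = [1000.0]
    store = TokenStore(ttl_seconds=60, clock=lambda: now[0])
    steps = []
    m, _, tok = authenticate(store, None, "alice")    # first login by cert
    steps.append(m)
    m, _, tok = authenticate(store, tok, None)         # resume, no cert needed
    steps.append(m)
    store.revoke_principal("alice")                    # operator kills sessions
    m, _, _ = authenticate(store, tok, None)           # dead token, no cert
    steps.append(m)
    m, _, tok2 = authenticate(store, tok, "alice")     # re-auth via primary
    steps.append(m)
    now[0] += 61                                       # past the ttl
    m, _, _ = authenticate(store, tok2, None)          # expired, denied
    steps.append(m)
    return steps
```

The store never trusts the token's own contents: the principal and expiry live server-side, the tag only stops a client from swapping the principal on a token id it happens to know, and revocation is a plain dictionary delete, so a token can be killed at any time without the client's cooperation.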
