Mailing List Archive

   tlug.jp -> Mailing List -> tlug archive -> tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] SSH Issues

On Wed, Nov 19, 2008 at 10:40:35AM +0900, Stephen J. Turnbull wrote:
> Curt Sampson writes:
> 
>  > It's your (trusted) resolving server that's normally doing the
>  > authentication,
> 
> *snort*  I don't trust any of my local servers as far as I can throw
> them (their polices are all set by people with the fine political
> [...]

Watching the situation from the top you have the subversion-service
that has to be made flexible, should be easy movable to other 
servers.

Usually people just attach a virtual ip to the service that gets
moved together with the service and are done.
For authentication you have ssh-hostkeys involved which is connected
to the host, not to the application.

I use subversion served by apache (i.e. becuase of familiarity with 
apache auth mechanisms), for authentication you would use https here
as protocoll and the https-cert would contain the dns-name of 
the virtual ip the subversion is served on.  This would be more
easy to move with the service.

Same should apply if the subversion was a kerberized service.

Christian
Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links