[Freeipa-users] Use of FreeIPA or FreeIPA LDAP server to hold private keys

Ian Stokes-Rees ijstokes at hkl.hms.harvard.edu
Wed Aug 3 18:02:57 UTC 2011



On 8/3/11 1:46 PM, Stephen Gallagher wrote:
> Well, there exist central storage approaches that don't allow even the
> local admin access to the data. The trade-off of course is that they
> can't reinstate your access if you forget the password. In other
> words, you can set a password that is used as a symmetric key for
> encrypting your data in the central store. It's still central and can
> be retrieved from anywhere, but only you know how to read it. 

You still seem to be missing the relevance of unscrupulous
administrators and compromised systems to "man in the middle" any
interactions you have with this system.  Unless you never access the
data yourself once the unscrupulous admin or attacker has gained access,
then such a person can pretty easily intercept your password and get at
your data.

Ian