summaryrefslogtreecommitdiffstats
path: root/zarb-ml/mageia-sysadm/2011-April/003400.html
diff options
context:
space:
mode:
authorNicolas Vigier <boklm@mageia.org>2013-04-14 13:46:12 +0000
committerNicolas Vigier <boklm@mageia.org>2013-04-14 13:46:12 +0000
commit1be510f9529cb082f802408b472a77d074b394c0 (patch)
treeb175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-sysadm/2011-April/003400.html
parentfa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff)
downloadarchives-master.tar
archives-master.tar.gz
archives-master.tar.bz2
archives-master.tar.xz
archives-master.zip
Add zarb MLs html archivesHEADmaster
Diffstat (limited to 'zarb-ml/mageia-sysadm/2011-April/003400.html')
-rw-r--r--zarb-ml/mageia-sysadm/2011-April/003400.html171
1 files changed, 171 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2011-April/003400.html b/zarb-ml/mageia-sysadm/2011-April/003400.html
new file mode 100644
index 000000000..f7db706d8
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2011-April/003400.html
@@ -0,0 +1,171 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-sysadm] Users authentication on forums
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Users%20authentication%20on%20forums&In-Reply-To=%3C20110426182441.GF21938%40mars-attacks.org%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="003372.html">
+ <LINK REL="Next" HREF="003402.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-sysadm] Users authentication on forums</H1>
+ <B>nicolas vigier</B>
+ <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Users%20authentication%20on%20forums&In-Reply-To=%3C20110426182441.GF21938%40mars-attacks.org%3E"
+ TITLE="[Mageia-sysadm] Users authentication on forums">boklm at mars-attacks.org
+ </A><BR>
+ <I>Tue Apr 26 20:24:41 CEST 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="003372.html">[Mageia-sysadm] Users authentication on forums
+</A></li>
+ <LI>Next message: <A HREF="003402.html">[Mageia-sysadm] Users authentication on forums
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#3400">[ date ]</a>
+ <a href="thread.html#3400">[ thread ]</a>
+ <a href="subject.html#3400">[ subject ]</a>
+ <a href="author.html#3400">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Tue, 19 Apr 2011, Michael Scherer wrote:
+
+&gt;<i> Le lundi 11 avril 2011 &#224; 14:39 +0200, nicolas vigier a &#233;crit :
+</I>&gt;<i> &gt; Hello,
+</I>&gt;<i> &gt;
+</I>&gt;<i> &gt; For authentication on the forums, we are currently using ldap. The user
+</I>&gt;<i> &gt; sends his login and passwords to phpbb which use it to authenticate on
+</I>&gt;<i> &gt; ldap server. Because of this, someone with root access on the forums
+</I>&gt;<i> &gt; server can access password of any user connecting to the forums. And
+</I>&gt;<i> &gt; because important passwords are transfered, the connection needs to be
+</I>&gt;<i> &gt; in SSL, so the *.mageia.org certificate also needs to be installed. So
+</I>&gt;<i> &gt; access to the server needs to be restricted to sysadmin team only, who
+</I>&gt;<i> &gt; also need to be able to check what is being done on forums, check it is
+</I>&gt;<i> &gt; secure, etc ... And I think this makes forums admins not happy.
+</I>&gt;<i>
+</I>&gt;<i> Then what about doing like french forums, and not connect at all to our
+</I>&gt;<i> ldap.
+</I>&gt;<i>
+</I>&gt;<i> This let people the whole freedom to do what they want and allow us to
+</I>&gt;<i> focus on stuff that we need ( like deploying everything that need to be
+</I>&gt;<i> deployed, wiki, bittorrent server, etc, see the bugzilla for list of
+</I>&gt;<i> thing to do ).
+</I>
+Yes, that's what I was thinking first. One day that I decided to be
+lazy and started to think how to get ride of forums. Maybe that is not
+a good idea. But it was planned to migrate forums to an other server
+installed and managed by other people, and we have the same problem in
+that case, that other people not in sysadmin team are root on this server.
+But even if we don't do that and continue to be the only root on the
+server, someone hacking the phpbb server could easily add a password
+logger in source code and steal passwords allowing access to svn or some
+other servers.
+
+So to avoid a security hole in one web app to give access to everything,
+I think it would be useful to separate authentication part. Actually I
+don't know enough about openid, oauth and other protocols to say which
+one is better. But we can see this with help of webteam.
+
+&gt;<i>
+</I>&gt;<i> - we would need to make changes to applications, in a non upstreamable
+</I>&gt;<i> way. It was one of the point in favor of ldap , that everything can be
+</I>&gt;<i> easy to share. If we start to go this way, we will end like each time we
+</I>&gt;<i> go this way, with a huge forked stuff. Packagers learned this the hard
+</I>&gt;<i> way more than once. And lack of time + big pile of customization is what
+</I>&gt;<i> blocked forum upgrade for years, so I really think we start to learn
+</I>&gt;<i> from our past mistakes.
+</I>
+I think a phpbb oauth plugin could be upstreamable. There is already an
+openid plugin, where we could add an option to force openid server, and
+maybe upstream this option.
+
+&gt;<i> - openid/oauth manage the authentication ( and some vcard stuff ) but
+</I>&gt;<i> not the autorisation. For example, Transifex ( and others django
+</I>&gt;<i> application ) do use ldap groups for autorisation and I think that's
+</I>&gt;<i> rather a good idea to manage this using ldap.
+</I>&gt;<i>
+</I>&gt;<i> While it is not the case right now for forums, as said before, there was
+</I>&gt;<i> some discussions about having i18n/packagers/etc people having extended
+</I>&gt;<i> rights on some subforums, this would be harder to be done cleanly
+</I>&gt;<i> without a ldap access.
+</I>
+I though it was too difficult to do it in phpbb, so we decided to not
+use ldap groups in phpbb. But using external authentication does not
+prevent us to use ldap groups. It should be possible to give limited
+ldap access to phpbb to read group infos and use something else for
+authentication.
+
+&gt;<i> - moreover, keeping group of people outside of our ldap would make
+</I>&gt;<i> various process harder.
+</I>&gt;<i>
+</I>&gt;<i> For example, if we want to elect moderators representatives, this would
+</I>&gt;<i> be tedious to do it on epoll if the group is stored elsewhere ( it is
+</I>&gt;<i> tedious now but there is some bug to fix for that ). If we want to setup
+</I>&gt;<i> a ml synced with ldap ( like board-private@ ), this would also cause
+</I>&gt;<i> data duplication. Email aliases are also based on ldap group membership,
+</I>&gt;<i> etc.
+</I>
+I agree that we shouldn't store groups elsewhere.
+
+&gt;<i> - Most web applications will also need to access to email of users for
+</I>&gt;<i> various reasons ( like sending email ), most will also store the email
+</I>&gt;<i> for later usage. That's personal information that we should also protect
+</I>&gt;<i> and I think the various threads on the subject in the past, or the
+</I>&gt;<i> recent issue regarding Epsilon, or Google show that enough people care
+</I>&gt;<i> about that. We cannot share them with anyone without having this written
+</I>&gt;<i> in the privacy policy, ( policy that is still a draft cf bug 452 ) and
+</I>&gt;<i> told to users.
+</I>&gt;<i>
+</I>&gt;<i>
+</I>&gt;<i> - Moreover, if we start to give private informations to 3rd party
+</I>&gt;<i> websites, they should IMHO also have a privacy policy, and respect it.
+</I>&gt;<i> But yet, we cannot do much to make sure it is enforced or respected,
+</I>&gt;<i> unless if we are root. And if we are root on the server, then I see no
+</I>&gt;<i> reason to not handle like the others ( ie, puppet etc ). Then we are
+</I>&gt;<i> back on the same issues that sparkled the proposal.
+</I>&gt;<i>
+</I>&gt;<i>
+</I>&gt;<i> - As said on irc, there is the security issues. While we can suffer from
+</I>&gt;<i> it on our servers too, this would be a wrong way of evaluating the risk.
+</I>&gt;<i> If we take for example X external web sites, managed by X different
+</I>&gt;<i> group, and the Mageia web applications, there is more attack surface
+</I>&gt;<i> ( around X+1 time more ) than just having the Mageia applications. And
+</I>&gt;<i> unless we can guarantee that all 3rd party admins will be skilled enough
+</I>&gt;<i> in the arcane of security, the risk would likely be bigger than smaller.
+</I>
+I think using an authentication server is better for security :
+ - without authentication server, all web sites receive the ldap
+ password, and have read/write access to the ldap from the user
+ account. Someone taking control of one website can access all
+ passwords of users connecting.
+ - with authentication server, the web sites (except authentication
+ web site) do not receive the password, so they cannot steal it, cannot
+ authenticate on other websites. It's bad if one of the website is
+ attacked, but it doesn't give access to the svn or other websites.
+
+</PRE>
+
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="003372.html">[Mageia-sysadm] Users authentication on forums
+</A></li>
+ <LI>Next message: <A HREF="003402.html">[Mageia-sysadm] Users authentication on forums
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#3400">[ date ]</a>
+ <a href="thread.html#3400">[ thread ]</a>
+ <a href="subject.html#3400">[ subject ]</a>
+ <a href="author.html#3400">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
+mailing list</a><br>
+</body></html>