[Mono-dev] RFC on remoting security stuff

Jerome Haltom wasabi at larvalstage.net
Mon Oct 15 12:57:59 EDT 2007


> It is possible to implement Mono's secure remoting based on
> NegotiateStream, but we'd need something like SAMBA to handle
> the mutual authentication.

Kerberos is all that is needed. It should be possible to obtain whatever
information is required to do this type of authentication from the OS
Kerberos implementation.

> 
> For impersonation support, we'd need to "suid root" the application,
> which is a no-no at present. IMO, this would require a complete audit
> of all participating managed and unmanaged libs.

> That said, I think we should implement secure remoting on top of
> AuthenticatedStream (SslStream). This is the only way to make
> secure remoting really useful on Mono's main platform Unix.

I disagree. I would find Kerberos authentication invaluable. Between
Unix machines alone.

> 
> For MS.NET interoperability we could provide custom channels for
> MS.NET based on our channels.
> 
> Robert