[Mono-dev] RFC on remoting security stuff
Jerome Haltom
wasabi at larvalstage.net
Mon Oct 15 12:57:59 EDT 2007
> It is possible to implement Mono's secure remoting based on
> NegotiateStream, but we'd need something like SAMBA to handle
> the mutual authentication.
Kerberos is all that is needed. It should be possible to obtain whatever
information is required to do this type of authentication from the OS
Kerberos implementation.
>
> For impersonation support, we'd need to "suid root" the application,
> which is a no-no at present. IMO, this would require a complete audit
> of all participating managed and unmanaged libs.
> That said, I think we should implement secure remoting on top of
> AuthenticatedStream (SslStream). This is the only way to make
> secure remoting really useful on Mono's main platform Unix.
I disagree. I would find Kerberos authentication invaluable. Between
Unix machines alone.
>
> For MS.NET interoperability we could provide custom channels for
> MS.NET based on our channels.
>
> Robert
>
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
More information about the Mono-devel-list
mailing list