On Wed Aug  3 14:05:51 2011, Stephen Gallagher wrote:
> No, the way that such a system would work is that the password would
> never be passed to the central server. Only the encrypted data would be
> sent and received. All decryption would happen locally. The most a
> man-in-the-middle attack could accomplish would be damaging the file so
> it couldn't be decrypted anymore. That could accomplish a
> denial-of-service, but not grant the attacker privileges to use your
> keys.

Yes, of course.  I work so much on machines hosted in racks in some 
server room that I forget a lot of people do most of their work on a 
single physical machine that could have strong privilege separation so 
even "administrators" can't normally access the machine.  I guess I'm 
imagining an environment where if there is *any* interest in a central 
keystore, then there are administrators who have full access to all 
systems that would access that central keystore, but your scenario is 
certainly possible.  As you've pointed out, with that degree of 
autonomy over your own system surely it follows that you could choose 
not to use a central keystore if one were provided.

Ian


_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
