NFS4 and remote access

[david m. richter]

On Wed, 18 Apr 2007, Ian Grant wrote:

> On Wed, 2007-04-18 at 16:17 -0400, J. Bruce Fields wrote:
>> On Wed, Apr 18, 2007 at 09:14:33PM +0100, Ian Grant wrote:
>>> On Wed, 2007-04-18 at 16:03 -0400, Trond Myklebust wrote:
>>>> On Wed, 2007-04-18 at 20:45 +0100, Ian Grant wrote:
>>>>> Yes, we have had this working from within our own site, where we trust
>>>>> the machines we manage. I should have been more clear: I meant remote
>>>>> access from other institutions, cyber-cafe's etc. where we cannot
>>>>> necessarily trust anything beyond the ssh session. We don't want the
>>>>> user typing kinit and entering their kerberos key.
>>>>
>>>> If you don't trust the keyboard that you are using to type with, then
>>>> you cannot enter _any_ passwords that could be reused. The only way to
>>>> deal with that would be use-once passwords (including for the ssh
>>>> session itself).
>>>
>>> Yes. That is why we don't allow password-based ssh authentication. Just
>>> public keys.
>>
>> So you're trusting their private ssh keys to the cybercafe machines that
>> they're logging on from?
>
> Yes. We encourage people to create the private keys remotely and
> transfer the public key over a session they've authenticated using a
> one-time password, and to only allow logins from that host with that
> public key. Then when they are finished they throw away that key.

 	perhaps i'm completely misunderstanding, but you have people 
generate private keys remotely -- like at the cybercafe mentioned above? 
put another way, where are your users' private keys located?  storing
private keys on untrusted computers doesn't work ...

 	d
 	.