[clue-admin] User setup for "member" accounts

Jed S. Baer thag at frii.com
Wed Dec 29 12:02:23 MST 2004


On Wed, 29 Dec 2004 11:10:56 -0700
Collins Richey wrote:

> Good point. That would eliminate a lot of the security exposure. What
> about email as a requirement?

E-mail was promised as a benefit of membership. Was the original intent
there that it would always be forwarded to an outside account? That I
don't know. I doubt any of us want to do POP/IMAP administration, and I
don't recall that that was ever brought up -- since Lynn didn't set it up,
it seems it was outside of what we intended.

Shell access leaves open the possibility of reading mail via the CLI on
the CLUE server. Again, I don't recall that we ever intended that either.
Perhaps it was a moot point since all members have an e-mail account to
forward to.

> > If you want to prevent weak passwords, require public key
> > authentication (not that hard compared to managing passwords, and
> > perhaps good training for members who have never used ssh before).
> 
> Yes, I brought up this question also. This would go a long ways down
> the path to the exclusion of intruders. Of course, if the members' own
> systems aren't secure then the public keys they are using aren't that
> secure either.

Oh what a tangled web we weave ... even if our intentions are good.

We have no way to enforce passphrases on ssh keys. The question then seems
to go to making sure the server itself has reduced vulnerability.

> First question: requirements?

I went through the admin archives, to see what I could find about this.

http://clue.denver.co.us/pipermail/clue-admin/2003-July/001134.html
http://clue.denver.co.us/pipermail/clue-admin/2003-August/001189.html
http://clue.denver.co.us/pipermail/clue-admin/2003-November/001326.html
http://clue.denver.co.us/pipermail/clue-admin/2004-March/001495.html

Our requirements are derived from what we promise as benefits of
membership. The outline from the past is:
 - Email alias.
 - Public HTML account (~user) - 15 MB
 - SME server (Crawford).
 - Invited to social events (BBQs, beer fests).
 - Participate in door prizes -- paid members only or $2 @ door
   for one night.
 - Printed name tags.
 - Temporary name tags for one-night members.
 - Give them a prize for the membership -- T-shirt, book, etc.
 - Membership card.

The account disk space was later revised to 10MB.

The SME server product was mentioned as a way to ease management and
setup, but the link -- www.e-smith.org -- Crawford later provided now goes
to some commercial outfit, where I saw no mention of the GPL.

> Next question: do we need shell accounts?

Not if the only reason is for maintaining individual sites, which can be
done using scp or sftp. sftp supports rm and rmdir.

While looking for stuff, I noticed this, which, in retrospect, seems more
ominous than it did at the time:
http://clue.denver.co.us/pipermail/clue-admin/2003-December/001335.html

jed
-- 
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1  4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
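
The key-only, no-shell setup discussed in this message, as an added example that is not part of the original post or the CLUE server's configuration. It assumes an OpenSSH server with `Match` and `internal-sftp` support; the group name `members`, the chroot path and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sshd_config fragment: member accounts get sftp for their
# web space, public-key login only, and no interactive shell.
write_sample_config() {
    cat > "$1" <<'EOF'
# Global settings (still apply to admin accounts)
PasswordAuthentication yes
Subsystem sftp internal-sftp

Match Group members
    PasswordAuthentication no
    PubkeyAuthentication yes
    ForceCommand internal-sftp
    # Chroot target must be root-owned and not group/world-writable;
    # the member's public_html directory lives beneath it.
    ChrootDirectory /home/%u
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Print the value of keyword $3 inside "Match Group $2" in file $1.
# sshd uses the first value it sees for a keyword, so only that is printed.
match_setting() {
    awk -v grp="$2" -v key="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { inblock = (tolower($2) == "group" && $3 == grp); next }
        inblock && tolower($1) == key && !seen { $1 = ""; sub(/^ +/, ""); print; seen = 1 }
    ' "$1"
}

# Return 0 only if the Match block itself states key-only and sftp-only.
# A setting inherited from the global section is treated as a failure.
audit_members() {
    [ "$(match_setting "$1" "$2" PasswordAuthentication)" = "no" ] ||
        { echo "FAIL: $2 may log in with a password"; return 1; }
    [ "$(match_setting "$1" "$2" ForceCommand)" = "internal-sftp" ] ||
        { echo "FAIL: $2 can reach a shell"; return 1; }
    echo "OK: $2 is key-only and sftp-only"
}

cfg=$(mktemp) && write_sample_config "$cfg" && audit_members "$cfg" members
rm -f "$cfg"
```

On a live server, `sshd -t` checks the file's syntax before a reload; the audit above only checks the policy stated for the group.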


