From: Todd K. Watson (tkw@southwestern.edu)
Date: Fri Oct 31 2003 - 15:24:40 CST
I agree with David, if you already have those non-encrypted services
running, then it's likely that your concerns aren't worth the time
because people are already connecting directly to them from their
clients in the clear.
At least (in theory) you have better/tighter control over the security
of the systems and the network connection between your NetReg server and
your authentication server.
You could establish an an SSH tunnel between the NetReg system and the
authentication service to gain encryption without having to create a new
authentication routine within NetReg. Kind of a hack, but I don't see
why it wouldn't work...
Todd
--
Todd K. Watson
Senior System & Network Administrator
Southwestern University, Georgetown, TX
tkw@southwestern.edu || TEL:512.863.1508 || FAX:512.863.1605
Kenneth Hirsh wrote:
> I know that one can configure Apache with SSL so the user session with the
> registration page is encrypted. However, I do not know enough about
> the Perl libraries to answer this question: Is the authentication
> routine Netreg then runs against the POP, IMAP or FTP server encrypted
> or in clear text? If the latter, this would seem to make this a
> worrisome process.
> Ken Hirsh
>
> Kenneth J. Hirsh
> Duke University School of Law
> ken@law.duke.edu
> Voice (919) 613-7155
> Fax (919) 613-7231
**********************************************************************
To unsubscribe from this list, send an e-mail message to
majordomo@southwestern.edu containing a single line with the words:
unsubscribe netreg
Send requests for assistance to: owner-netreg@southwestern.edu
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:41 CDT