On Tue, Aug 06, 2002 at 11:34:58PM +0200, Artur Pietruk wrote:
> On Tue, Aug 06, 2002 at 11:39:03AM -0700, Darren McClelland wrote:
> > Thanks, that's an idea. I'd always been thinking of ident as unreliable, but
> > if I control the authenticating server then it's something usable. At least I
> [cut]
>
> Well, if you want to use ident that way, than you have to trust not
> only those two servers, but all hosts in their network segments - do not
> forget about ARP poisoning.
>
> I think, that in your setup it would be better to do crypt=-auth
> and:
>
> - use PGPASSWORD environment variable, just set it before you execute
If you're worried about people poisoning arp, &c., then you'd have to
be mad to put a password in an environment variable.
If you have this sort of security problem, use Kerberos. It's what
it was designed to solve.
A
--
----
Andrew Sullivan 87 Mowat Avenue
Liberty RMS Toronto, Ontario Canada
<andrew@libertyrms.info> M6K 3E3
+1 416 646 3304 x110