cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Mendel Mobach <extern AT leercoden.nl>
- To: cacert-sysadm AT lists.cacert.org
- Subject: Re: [Cacert-sysadm] Objections to a possible setup
- Date: Thu, 26 Mar 2009 21:28:57 +0100
On Mar 26, 2009, at 9:20 PM, Ian G (Audit) wrote:
Hmm, I though there was something in SP about no passwords ... but I won't look now as it might destroy the thread of the conversation :)
Yeah but we need an infrastructure to enforce that policy. (and let's talk about it later)
( Security being of course very integrated with and dependent on the
application, without an application it is perfectly secure :)
remote root access.
OK, I'm not making myself clear. What I wanted to know is what *applications* are going on these machines, and whether these are *critical* or *infrastructure* .
Infrastructure. The critical apps like signing server, user database, frontend etc do have their own hardware with even more strict rules.
In particular, are we talking about the signing app, the critical user database, the frontend CA application or the other related critical parts living on a virtual server / host?
No they will keep their own hardware.
Or are you talking about the logging server, being separate from the above?
That's one. However the signing server doesn't speak IP. It won't be able to log (yet) to another server.
Or, does "remote root access" mean this is for the hop-server, the server where sysadms connect into before ssh-ing to the critical servers and/or the console access?
yes. That's what remote root access does mean in this case. For the webserver it's a bit different at the moment but that will change to comply with the SP.
Kind Regards,
Mendel Mobach
- [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/25/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Sam Johnston, 03/25/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/25/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/25/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Sam Johnston, 03/25/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/25/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/25/2009
- Re: [Cacert-sysadm] no Objections to a possible setup, Daniel Black, 03/25/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Ian G (Audit), 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Ian G (Audit), 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Ian G (Audit), 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Ian G (Audit), 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/27/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Wytze van der Raay, 03/27/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Philipp Gühring, 03/27/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Ian G (Audit), 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Ian G (Audit), 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/26/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Sam Johnston, 03/25/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Mendel Mobach, 03/27/2009
- Re: [Cacert-sysadm] Objections to a possible setup, Philipp Guehring, 03/27/2009
Archive powered by MHonArc 2.6.16.