[AG-TECH] Per-node certificates
Christoph Willing
willing at itee.uq.edu.au
Fri Feb 4 19:19:14 CST 2005
>
>> -----Original Message-----
>> From: owner-ag-tech at mcs.anl.gov [mailto:owner-ag-tech at mcs.anl.gov]On
>> Behalf Of Steve Smith
>> Sent: Tuesday, February 01, 2005 9:51 PM
>> To: ag-tech
>> Subject: [AG-TECH] Per-node certificates
>>
>>
>> Hi,
>>
>> Is there any plan to re-institute per-node AG2 certificates, and if
>> not
>> what's the current accepted practise for multi-user, multi-machine
>> node
>> setups?
>>
>> Cheers,
>> Steve
>>
On 05/02/2005, at 4:42 AM, Steve Gallo wrote:
>
> I believe that you can use an anonymous certificate, although
> I think that there are some restrictions on what you can/can't
> do with them.
>
That is a good use for Anonymous certificates. Their potential
shortcoming is if/when ACL's are used for secure meetings (very rarely
done so far). If I were setting up a secure meeting room, my first
general "deny" rule would be aimed at any Anonymous certificate. Mind
you, I'm not sure that thats possible with the current ACL's, but an
ideal system should "allow" or "deny" classes of certificate such as
Anonymous.
chris
Christoph Willing Ph: +61 7 3365 8350
QPSF Access Grid Manager
University of Queensland
More information about the ag-tech
mailing list