[pulseaudio-tickets] [PulseAudio] #259: Implement a secure and modular authentication method (or use ssh-like keys?)
PulseAudio
trac-noreply at tango.0pointer.de
Fri Mar 14 07:15:05 PDT 2008
#259: Implement a secure and modular authentication method (or use ssh-like
keys?)
------------------------------------+---------------------------------------
Reporter: eddyp | Owner: lennart
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: daemon | Severity: normal
Keywords: authentication network |
------------------------------------+---------------------------------------
Currently, if you want to use a remote PA server, and you are required to
use authentication, you are forced to use the same cookie on all hosts.
This is bad because of multiple reasons:
* you can't have one-way permissions, is just a pool of PA daemons,
without hierarchy - I might want to be able to stream from A to B, but I
might not want the reverse
* anyone getting access to one of the machines that has the common cookie
and can stream on any of the hosts in the pool - security issue
* for a laptop system, when at different places, in order to stream to
the local 'play machine' all the networks in which the laptop system uses
streaming must have the same cookie, making it impossible to isolate one
network from another - no modularity
It would be really useful and nice to have a system that would allow
something like ssh:
* authorization based on the host
* the direction of the authorization is clear (this would probably mean
some asymmetric key pairs)
Maybe the easiest way to accomplish this is to use something like ssh keys
(I don't think is either a good idea or PA's business to use the existing
ssh keys for ssh tunneling).
--
Ticket URL: <http://pulseaudio.org/ticket/259>
PulseAudio <http://pulseaudio.org/>
The PulseAudio Sound Server
More information about the pulseaudio-bugs
mailing list