[csw-maintainers] Access to the buildfarm via http with Sun Secure Global Desktop

rupert THURNER rupert at opencsw.org
Wed Dec 16 12:05:56 CET 2009


On Wed, Dec 16, 2009 at 11:49, Dagobert Michelsen <dam at opencsw.org> wrote:

> Hi Rupert,
>
> Am 16.12.2009 um 08:45 schrieb rupert THURNER:
>
>> On Tue, Dec 15, 2009 at 18:24, Ben Walton <bwalton at opencsw.org> wrote:
>> Excerpts from rupert THURNER's message of Tue Dec 15 11:51:50 -0500 2009:
>> > from work? no, nothing but http/s. but i will ask them if i get an
>> exception
>> > for ssh to opencsw.
>>
>> the firewall policies allow certain things, and forbid others, besides the
>> technical restrictions in place. either there is a technically clean
>> possibility in line with the rules (like Sun SGD), or i have to go through
>> the paper process for getting a permission for "ssh login.opencsw".
>>
>> but i do not want to break their rules even if technically possible (e.g.
>> pierce the firewall by tunneling ssh through 443). if i do not like the
>> rules any more it is time to look for another job i guess :)
>>
>
> Fortunately setting up SGD is quite easy. If you want you can try
> logging in with accessing
>  https://login.opencsw.org
> (http is redirected). As it is not an official certificate you must
> accept the root cert and add it to your keystore once.
>
>
uuh .. that reminds me that we have another restriction in place: there is a
list of trusted ca's. we use a software called "webwasher" which breaks up
https connections at the firewall - and blocks everything which is not on
this list.

but, we convinced the security people to accept http://cacert.org/ certs to
have a free alternative as well - besides the usual suspects thawte, etc.

rupert.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/maintainers/attachments/20091216/55eea7ce/attachment-0002.html>


More information about the maintainers mailing list