[csw-maintainers] Access to the buildfarm via http with Sun Secure Global Desktop

rupert THURNER rupert at opencsw.org
Wed Dec 16 12:17:55 CET 2009


On Wed, Dec 16, 2009 at 12:05, rupert THURNER <rupert at opencsw.org> wrote:

> On Wed, Dec 16, 2009 at 11:49, Dagobert Michelsen <dam at opencsw.org> wrote:
>
>> Hi Rupert,
>>
>> Am 16.12.2009 um 08:45 schrieb rupert THURNER:
>>
>>> On Tue, Dec 15, 2009 at 18:24, Ben Walton <bwalton at opencsw.org> wrote:
>>> Excerpts from rupert THURNER's message of Tue Dec 15 11:51:50 -0500 2009:
>>> > from work? no, nothing but http/s. but i will ask them if i get an
>>> exception
>>> > for ssh to opencsw.
>>>
>>> the firewall policies allow certain things, and forbid others, besides
>>> the technical restrictions in place. either there is a technically clean
>>> possibility in line with the rules (like Sun SGD), or i have to go through
>>> the paper process for getting a permission for "ssh login.opencsw".
>>>
>>> but i do not want to break their rules even if technically possible (e.g.
>>> pierce the firewall by tunneling ssh through 443). if i do not like the
>>> rules any more it is time to look for another job i guess :)
>>>
>>
>> Fortunately setting up SGD is quite easy. If you want you can try
>> logging in with accessing
>>  https://login.opencsw.org
>> (http is redirected). As it is not an official certificate you must
>> accept the root cert and add it to your keystore once.
>>
>>
> uuh .. that reminds me that we have another restriction in place: there is
> a list of trusted ca's. we use a software called "webwasher" which breaks up
> https connections at the firewall - and blocks everything which is not on
> this list.
>
> but, we convinced the security people to accept http://cacert.org/ certs
> to have a free alternative as well - besides the usual suspects thawte, etc.
>
>
>
i tested it from home and it seems to work great. the following i was
wondering:
* where to change the password
* where to change the terminal type




rupert.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/maintainers/attachments/20091216/e856ee84/attachment-0002.html>


More information about the maintainers mailing list