Re: Building a Fusion Grid and other stories (MS-Windows /database)

From: Mary Thompson (mrthompson@lbl.gov)
Date: Tue Oct 16 2001 - 16:15:44 PDT


As I recall the SSL wrapper scheme, there was going to be a GSI/SSL
enabled server on the MSSQL machine which would use the client's Grid
credential to generate a one-time MSSQL password. It would then hand
that password to the MSSQL server and back to the client. Then the
client could use that password and proceed as usual.

If the SSL server runs on a different platform, then the only security
problem is how to hand the password off to the MSSQL machine securely.
There may be several solutions here:
  1) just hand it off insecurely and argue that it is a small window of
vulnerability and it will go away once the server runs on the Windows
machine
  2) write the SSL server just using generic OpenSSL code which does run
on Windows, though we may need a competent Windows programmer to get it
to build.
Actually writing such a server in Java might work, since it could be
written and debugged on Unix and then just dropped onto Windows. Java
supports SSL connections pretty transparently. You just need to load the
right socket factory.

If this looks like the right way to go, I can check into writing a Java
SSL server. How would it hand the password to the MSSQL server?

Mary

-- 
---------------------------------------------------------------------
Mary R. Thompson				<MRThompson@lbl.gov> 
Distributed Security Research Group		(510) 486-7408
Lawrence Berkeley National Lab			http://www-itg.lbl.gov/~mrt
----------------------------------------------------------------------

===============================================================================

This message was sent to the SciDAC National Fusion Collaboratory (NFC) workers list nfc-workers. Visit the Collaboratory at <http://www.fusiongrid.org/>.
