[Server-devel] Password-less authentication with moodle

[Andrés Ambrois]

  Hello all!

  I am, together with Pablo Flores, working in preparing EduBlog for 
deployment in Ceibal (yay!). However, one of the big challenges ahead is 
deciding on the security infrastructure needed. So I've decided to consult the 
gurus at server-devel =) .

  The problem is not in finding novel or ultra-secure algorithms, but in easily 
deployable and usable mechanisms. The MAC authentication method, described in 
earlier threads, is an easy hack, but not very secure (MACs can be spoofed, 
etc), however I wonder if an auth plugin for moodle with this scheme has been 
implemented. 

  The other real solution that comes to mind would be TLS (SSL), maybe using 
the DSA SSH key generated in first-boot? I believe this would involved 
modifying Browse to use that file, and also gathering the XOs public keys 
manually and add them to the server, which is a logistic nightmare. I hope I'm 
wrong in this, could you advise me?

  Being password-less is one of the key concepts in the XO's design. And 
rightly so, for both usability reasons, and the logistic problem of handling 
lost/compromised passwords. So we need to try and stick to it as much as 
possible. 

  Cheers!
-- 
  -Andrés