[Server-devel] Password-less authentication with moodle

Andrés Ambrois andresambrois at gmail.com
Sat Oct 4 12:29:24 EDT 2008 

Hola Martin!

On Saturday 04 October 2008 09:22:11 Martin Langhoff wrote:
> On Fri, Oct 3, 2008 at 7:22 PM, Andrés Ambrois <andresambrois at gmail.com> 
wrote:
> >  I am, together with Pablo Flores, working in preparing EduBlog for
> > deployment in Ceibal (yay!). However, one of the big challenges ahead is
> > deciding on the security infrastructure needed. So I've decided to
> > consult the gurus at server-devel =) .
>
> Hola Andres!
>
> - What's your timeframe?

The timeframe for our project is 5 weeks starting from last Wednesday, in 
which I need to cover the interface (Moodle and Wordpress theming), course 
configuration, authentication, modifying Write to enable blog posting, and 
document all this for a manual. 

> - Are the Ceibal machines registering with the Ceibal servers in any way?

 My understanding of the current security architecture in Ceibal is almost 
non-existent, as I'm not working in LATU, and it has been a black box for 
external developers. I realize this will seriously hamper any take at the 
authentication problem, but I guess it's clear that there's little I can 
accomplish in this sense from the timeframe above. 

However, I believe there will be someone exclusively working on the security 
of the system. I will make sure to point him/her to this thread on Monday when 
we meet. 

> >  The other real solution that comes to mind would be TLS (SSL), maybe
> > using the DSA SSH key generated in first-boot? I believe this would
> > involved modifying Browse to use that file, and also gathering the XOs
> > public keys manually and add them to the server, which is a logistic
> > nightmare. I hope I'm wrong in this, could you advise me?
>
> That is one of the paths we are exploring :-) with an additional tweak
> to the 'register' action that retrieves the self-signed cert of the
> server on the XO as a trusted cert, and gives the XS the cert of the
> XO.
>
> This of course needs a change in the register API - (minor) code
> changes on the XO core Sugar libs and in Browse.

I'm glad I wasn't that far off :). Are these required modifications documented 
somewhere?

> cheers,
>
>
>
> m

-- 
  -Andrés

More information about the Server-devel mailing list