Re: g_spawn_async_with_pipes() & ssh based IPC



Thomas Stover on 07/09/2009 03:16 PM wrote:

I've done an openssl one before, and I'll look at gnutls, but the
problems with that route as I see it are mainly:
-you have to authenticate connections somehow- portably, and securely.
Whereas with ssh the OS just provides you with UIDs. I'm not a fan of
the completely separate user database just for the one program
architecture either.
-(related to authentication) key management - ssh does all that already
(ssh-agent, etc) (although the gnome-keyring library works for *nix)
-more options for an admin to deal with
-as legacy as ssh is, it does so much so well. It just "feels" like
leveraging that would be a good idea.

Also I might be thinking of the wrong project, but I have some vague
memory of GnuTLS taking the downloads on their site down in protest
after 911 (unless you donated money) or something quacky like that.
(I'm pretty sure I shouldn't have said that, but whatever).


You could have a TLS session without x509 auth and just use PAM or LDAP
for user auth. Something like that is not provided by a single function
call though.

Too many options? If you make the server/client yourself then it's
limited to however you program it. I don't understand your reasoning for
this complaint.

SSH is great for remote terminal sessions, but not much more. It sounds
like you just want to be extremely lazy. Suck it up and write your own
implementation using the standard library tools available. It will be
portable -- my GnuTLS apps run on Linux and Windows.

I don't remember anything about GnuTLS and any political agenda as that
was before my time in FOSS, but I wouldn't be surprised.


