It doesn’t derive anything. The word had a different meaning before XX century. Modern usage is to weaken the statement, the closest I can immediately think of is „possibly”. On chyba śpi = he possibly sleeps.
This is definitely interesting. I'd be interested in a functional comparison with ssh using kerberos. Is the difference that each host can be totally independent? Does this project require a separate certificate management system? Perhaps you could use IPA or similar for your everyday machines, and HIBA for rarely accessed computers that you don't want in your domain.
This reminds me of a 2016 blog post titled "Scalable and Secure Access with SSH" [1] on the Facebook engineering blog which does this with standard SSH tooling. I think the benefit of HIBA is more granularity in terms of authorization per system via Grants attached to certs as compared to authorized principal files on the hosts. Grants are centrally managed and can be given on a case-by-case basis, and revoked individually, for example.
18 comments
[ 3.7 ms ] story [ 53.5 ms ] thread… it doesn’t mean anything.
[1]: https://engineering.fb.com/2016/09/12/security/scalable-and-...