
Re: pcp security?

To: "Peter J. MASON" <petem@xxxxxxxxxx>
Subject: Re: pcp security?
From: Ken McDonell <kenmcd@xxxxxxxxxxxxxxxxx>
Date: Tue, 14 Mar 2000 14:55:12 +1100
Cc: pcp@xxxxxxxxxxx, kristoph@xxxxxxxxxx
In-reply-to: <38CD8D99.A381DA05@xxxxxxxxxx>
Sender: owner-pcp@xxxxxxxxxxx

On Tue, 14 Mar 2000, Peter J. MASON wrote:
> Our reading of PCP doesn't uncover any means of supporting a set of
> metrics which are visible to some users and not others.

No, there is no such concept in the PCP architecture and protocols.
We adopted a binary model ... if the PMDA is configured, then all
clients that can connect to the PMCD can send requests to the PMDA.

There are some access controls based on the IP address the client
connects to PMCD on, but these are at the level of connection control
(you can or cannot connect, you can or cannot store, you can or cannot
fetch, etc).

> Though there seems to be some sort of "context" concept with the PMAPI,
> it doesn't appear to include a user ID context to use in such occasions.

Contexts are used to maintain a very small amount of state between the
client and PMCD ... aside from IPC channel identification and the
last sent profile, there is nothing else.

And PMDAs can't see any of the client state when they receive requests
from PMCD.

> Instead monitoring happens in the agent process (itself a daemon) owner,
> which is too coarse if there is only one such daemon.

I am not sure what you're trying to achieve here.  Perhaps you can describe
the problem or hoped-for solution in more detail.

> Has any thought been put into this aspect? If not, then we'd like to
> investigate including this somehow, possibly based on modifying
> pmNewContext() to accept and use a user ID for the PM_CONTEXT_HOST
> type. We'd be seeking to have a relevant agent forked off with a
> particular user ID in order to handle requests in the user's context.

If you want the user ID to be (a) authenticated in some way (ugly export
issue warning), and/or (b) seen by the PMDAs, then you're in for some
serious extra work.

> We're not as familiar with the architecture as we'd need to be, but does
> this sound feasible?

I can imagine a scheme where some clients "knew" about an end-to-end
authentication mechanism that would give them access to additional
information within a PMDA.  Since this would be your PMDA (I presume)
the implementation cost is the changes to all of the client apps
(not nice, but may be acceptable).  This could all be done with some
special PMIDs and instance identifiers over the existing PCP store
and fetch protocols.  But before going down that track, I'd like to
understand more about your needs and objectives.

