|Subject:||Re: [pcp] Next release update and pmdalogger merge|
|From:||Mark Goodwin <mgoodwin@xxxxxxxxxx>|
|Date:||Mon, 16 May 2011 10:36:55 +1000|
|Cc:||Nathan Scott <nathans@xxxxxxxxxx>, "Frank Ch. Eigler" <fche@xxxxxxxxxx>, David Smith <dsmith@xxxxxxxxxx>, pcp <pcp@xxxxxxxxxxx>|
|User-agent:||Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:188.8.131.52) Gecko/20110428 Fedora/3.1.10-1.fc14 Thunderbird/3.1.10|
On 05/13/2011 10:49 PM, Ken McDonell wrote:
Longer-term we probably need to grasp the nettle of authentication and capabilities to control access to parts of the PCP exported info, but no one seems to be volunteering to take ownership of this (even though it is on the PCP 4.0 wish list).
I have some thoughts on authentication, access-control and other security related issues, so I guess I'm possibly more signed-up for this than anyone else. The current ip-mask based approach in pmcd is probably easily spoofed and doesn't really cut it for any public facing deployment outside of a VPN - the default config exports just about everything in /proc to anyone who wants to connect! I'll post some ideas and design proposals to the list so we can discuss. Regards -- Mark ps: David and Frank - are you on the pcp@xxxxxxxxxxx list? So we don't need to keep cc:'ing you guys directly?
|<Prev in Thread]||Current Thread||[Next in Thread>|
|Previous by Date:||Re: Next release update and pmdalogger merge, Nathan Scott|
|Next by Date:||[RFC] PCP authentication and access control proposal (draft v1), Mark Goodwin|
|Previous by Thread:||Re: Next release update and pmdalogger merge, Ken McDonell|
|Next by Thread:||Re: Next release update and pmdalogger merge, David Smith|
|Indexes:||[Date] [Thread] [Top] [All Lists]|