[Top] [All Lists]

Re: [pcp] Next release update and pmdalogger merge

To: kenj@xxxxxxxxxxxxxxxx
Subject: Re: [pcp] Next release update and pmdalogger merge
From: Mark Goodwin <mgoodwin@xxxxxxxxxx>
Date: Mon, 16 May 2011 10:36:55 +1000
Cc: Nathan Scott <nathans@xxxxxxxxxx>, "Frank Ch. Eigler" <fche@xxxxxxxxxx>, David Smith <dsmith@xxxxxxxxxx>, pcp <pcp@xxxxxxxxxxx>
In-reply-to: <1305290961.12931.7.camel@bozo-laptop>
References: <1566158908.55479.1305286647155.JavaMail.root@xxxxxxxxxxxxxxxxxxxxxx> <1305290961.12931.7.camel@bozo-laptop>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20110428 Fedora/3.1.10-1.fc14 Thunderbird/3.1.10
On 05/13/2011 10:49 PM, Ken McDonell wrote:

Longer-term we probably need to grasp the nettle of authentication and
capabilities to control access to parts of the PCP exported info, but no
one seems to be volunteering to take ownership of this (even though it
is on the PCP 4.0 wish list).

I have some thoughts on authentication, access-control and other
security related issues, so I guess I'm possibly more signed-up
for this than anyone else. The current ip-mask based approach in pmcd
is probably easily spoofed and doesn't really cut it for any public
facing deployment outside of a VPN - the default config exports just
about everything in /proc to anyone who wants to connect!

I'll post some ideas and design proposals to the list so we can discuss.

-- Mark

ps: David and Frank - are you on the pcp@xxxxxxxxxxx list? So we don't
need to keep cc:'ing you guys directly?

<Prev in Thread] Current Thread [Next in Thread>