
RE: pcp security?

To: "Ken McDonell" <kenmcd@xxxxxxxxxxxxxxxxx>
Subject: RE: pcp security?
From: "Kristoph A. Cichocki-Romanov" <kristoph@xxxxxxxxxx>
Date: Tue, 14 Mar 2000 16:44:09 +1100
Cc: <pcp@xxxxxxxxxxx>, <kristoph@xxxxxxxxxx>
Importance: Normal
In-reply-to: <Pine.SGI.4.10.10003141350570.275462-100000@rattle.melbourne.sgi.com>
Sender: owner-pcp@xxxxxxxxxxx

Greetings,

> I can imagine a scheme where some clients "knew" about an end-to-end
> authentication mechanism that would give them access to additional
> information within a PMDA.  Since this would be your PMDA (I presume)
> the implementation cost is the changes to all of the client apps
> (not nice, but may be acceptable).  This could all be done with some
> special PMIDs and instance identifiers over the existing PCP store
> and fetch protocols.  But before going down that track, I'd like to
> understand more about your needs and objectives.

We have a product that exports metrics information in a fashion that is
almost ideally suited to PCP. In fact we are developing a mechanism that,
among other things, will extract information from /proc and feed the data,
via a daemon, to a remote client. Since this is exactly what PCP does we
thought we should investigate if we could integrate with PCP.

We also need to propagate data back (pmStore works very nicely).
Unfortunately, only privileged users are allowed to do this - and we wish to
have a mechanism that can delegate that privilege. In our original
implementation we were planning to use a challenge-response mechanism on our
daemon to validate the user.

Since this is a commercial product we need an elegant solution (we'd like to
avoid the firewall option) and, ideally, we would like to use only one
daemon. I hasten to add that we are eager to contribute to PCP, rather than
do something that only benefits us. (The security issue was raised by
several people during the PCP BOF in Sydney, so I am tempted to think PCP
could benefit in some way.)

]{ristoph


