On Tue, 14 Mar 2000, Ken McDonell wrote:
> On Tue, 14 Mar 2000, Peter J. MASON wrote:
> > Our reading of PCP doesn't uncover any means of supporting a set of
> > metrics which are visible to some users and not others.
>
> No, there is no such concept in the PCP architecture and protocols.
> We adopted a binary model ... if the PMDA is configured, then all
> clients that can connect to the PMCD can send requests to the PMDA.
>
> There are some access controls based on the IP address the client
> connects to PMCD on, but these are at the level of connection control
> (you can or cannot connect, you can or cannot store, you can or cannot
> fetch, etc).
>
> > Though there seems to be some sort of "context" concept with the PMAPI,
> > it doesn't appear to include a user ID context to use in such occasions.
>
You may be able to set up a proxy daemon that does some client
authentication (e.g. a login type arrangement to establish
an autheticatted session between the client and the proxy) and
then forwards requests to pmcd on some other host, which has
been configured to only accept connections from the proxy host.
Actually, why not just use a simple firewall - authenticated users have
an account on the firewall, use remote X, etc, and pmcd on the servers
only accepts connections from the firewall. This doesn't work if
you still want to allow access to some metrics for non-authenticated
users (but the proxy method could be made to do so).
-- Mark
|