Hello all,

Background: We are using Ganglia in an environment that should pass certain security audits. A common check item in such audits is that services should not trust connections only based on source IP addresses. Their rationale is that an attacker who gains non-privileged access to a server may be able to access such services without any additional credentials. If services require credentials, and if credentials are stored away from non-privileged users, the attacker should gain root/admin access and locate credentials, thus making an attack more difficult.

One may argue that this is being too paranoid (I personally feel so, too), but there is not much we can do to avoid this test. So we started implementing a simple and optional "auth_token" feature to be used in both TCP and UDP communications. We are considering an "auth_token" parameter in the global gmond config, or in the udp/tcp send/recv channel config, and in the gmetad config.

Please make suggestions to implement this feature in an acceptable way, as we are hoping to submit the changes for upstream code.

Thanks in advance!

Anuradha