I'd like to get some feedback on how we should configure gweb's default access permissions.

#1. "$conf['auth_system']=false;" will disable authorization, so no logins are required and the system behaves like the current ganglia web frontend. In this case, should editing of views be allowed or denied? Do we want disabling auth to mean 'read-only access' or 'anything goes'? It'd be easy enough to allow either of those options if $conf['auth_system'] were a non-boolean, but I don't want to over-complicate things.

    $conf['auth_system'] = DISABLED; // anybody can do anything.
    $conf['auth_system'] = READONLY; // no logins. all editing disabled. all viewing allowed.
    $conf['auth_system'] = ENABLED;  // permissions determined by http authentication & ACL. guests can view, admins can edit, private clusters can be created.

#2. Should we ship the web interface with a default .htaccess file which sets up most of the Apache authentication config for you? After discussion of nginx and lighttpd, I'm wondering if we ought to be more web-server agnostic and just refer everyone to a 'how to set up auth' wiki page instead.

#3. Should the default be to ship with authorization enabled or disabled? My preference is that 'read-only & no authorization required' is the default configuration. If someone wants to allow full access without logins, or wants to configure some private clusters, we should make that easy to do after some (minimal) extra configuration on their part.

best,
alex

_______________________________________________
Ganglia-general mailing list
Ganglia-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-general