Hi, I am new to Akka and am searching for a reliable way to obtain the effective UID/GID of a remote process. I am using remoting with SSL in untrusted mode successfully. And I have successfully used SNA to call geteuid() from the standard C library (I only need this application to run on Linux). The problem is, the actors in one part of my application run as root and need to know the UID/GID of the remote actor that is sending messages to it so that it can start processes on behalf of that user. I know how to have the actor use SNA to call geteuid() and then send the results to the remote actor. The problem is, how does the remote actor verify that the information wasn't spoofed?
I have found a package called Munge <http://dun.github.io/munge/> that provides a server process for granting credentials. But, it requires a daemon process and I would much prefer a method that does not need a daemon bound to a specific port. In looking around, it appears that Unix domain sockets are the most common method for doing this type of authentication, but I don't know how I could accomplish that from inside my Akka actors. If found the basic method for obtaining UID for process on the other end of a socket here <http://stackoverflow.com/questions/9898961/is-there-a-way-to-get-the-uid-of-the-other-end-of-a-unix-socket-connection> but I have no idea how to make use of it. Has anyone found a good way to get the UID of the process that sent a message to a remote actor? Thanks for any ideas, Chris -- >>>>>>>>>> Read the docs: http://akka.io/docs/ >>>>>>>>>> Check the FAQ: >>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html >>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user --- You received this message because you are subscribed to the Google Groups "Akka User List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/akka-user. For more options, visit https://groups.google.com/d/optout.
