Le 01/03/2013 10:46, Tomás Abad a écrit :
How does the agent know whether it must answer a request?. I suppose that the agent just would answer (or it will answer) to requests which origin be a server machine included in the option 'server' of the agent. I would like confirming this fact.
Hello Tabad.
Just some clarification: I'm only talking of server 'run now!' requests to the agent, used to force the agent to immediatly reschedule its execution, and not of server 'do task X and task Y' answers to agent 'what shall I do ?' requests, which are always executed.
Those requests are currently honoured if they match either of those two criterias: - they comes from a trusted address (the ones you explicitely pass with --http-trust parameter), mainly used to control agent execution from local host (the 'run now' link on agent web interface) - it contains a shared secret, the famous token, which is a 8 characters string generated by the agent and exchanged with the servers during the server-agent dialog.
So technically, as long as initial exchange did not concluded (between 30 mn and 1 hour per default), or if the token was changed by another server since last communication with the agent, such a request from a server won't be honoured.
Hence my proposal to only use the adress as trust model, for sake simplicity and efficiency.
-- BOFH excuse #358: struck by the Good Times virus _______________________________________________ Fusioninventory-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/fusioninventory-devel
