>>>>> "David" == David Wilkinson <[EMAIL PROTECTED]> writes:
> At 19:05 28/05/98 +0000, John Mitchell wrote:
>> The administration of the machine is much better handled through e.g.,
>> Java servlets running in e.g., Apache on each machine. You could then
>> support either an HTML or a Java applet interface (or both).
> Hmm, how would that work? Your servlet is typically running as an
> unprivileged user, but it would need to be root to perform most sysadmin
> tasks.
Indeed. That same problem is enjoyed if someone wants to do this sort of
thing via signed applets.
> Either the servlet would need to act as a wrapper to some suid programs
> or your web server needs to run with root privileges - neither seems
> particularly desirable.
> I guess you could have a dedicated web server running as root configured
> quite tightly to accept only a limited set of requests. I'm not sure how
> authentication would work though...
Administrator login/password iff connecting from local host.
SSL communication channel built using both server & client certificates,
administrator login/password if connecting remotely. Yes, I was thinking
that these admin. servlets would be running in a separate instance of the
web server (ala your Avenida) which only deals with admin. requests as
opposed to actually using a separate complete instance of e.g., Apache.
Take care,
John
