Hi, I'd like to better understand the merits of NUT clients (slaves) properly authenticating with the NUT server (master).
NUT allows clients to retrieve UPS status (upsc [email protected]) without authenticating, shutdowns are properly trigger via polling. >From testing one apparent benefit of authenticating is the client receives the >shutdown event more quickly rather than the polling interval. (it seems) Are there other merits of authenticating clients ? On the flip side, since commercial products like NAS drive implementations use fixed, well known user/pass credentials, all clients would need to be configured with such well known credentials if they were all to authenticate with a common user. The NUT /etc/ups/upsd.users file has only one entry: -- [monuser] password = superdupersecret upsmon master -- Is this a security issue if the password is well known ? Searching the mailing list I only found the comment: "All a upsmon slave can do, is delay shutting down for a handful of seconds." ... seems like limited mischief. Any guidance is appreciated. Lonnie _______________________________________________ Nut-upsuser mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/nut-upsuser
