gerard at linuxfromscratch.org
Tue Feb 1 13:17:01 PST 2005
On Tue, 2005-02-01 at 12:31, Hui Zhou wrote:
> Authentication is tough. I suggest trust based authentication. Define
> a key or IP (or many) on the server and instruct the server to listen
> only to those. That's easy. Others take a professional to
> implement and make sure it's secure.
That would be one way, yes. You could do a simple password-based
authentication too of course and use unix system accounts. This daemon on
the server probably has to run as root or have root privileges which
may pose other security problems of course.
There's ssh tunneling which would work. Let SSH take care of the
authentication bit with public keys and what not and listen for a
connection on localhost:someport.
> Validation, I assume we are talking about command parsing. The
> easiest protocol is ASCII based and with a regex engine, it is very
> easy to implement. Binary protocol can be more efficient of course,
> but the development cycles escalate.
I was more thinking validation in the way of making sure the profile
that is being sent is valid: check it against the DTD. This could also
be done by the client of course and saves the server CPU cycles to do
such a thing itself.
> Do you realize that the only thing the server does is parse the command
> and run other programs?
Yes that's the idea. The server is pretty dumb. Receive profile, run it.
It scales well though. Now you no longer have to log in to ten systems at
once or one at a time to run profiles to update to a new GCC version.
The one client, your laptop for instance, will remotely manage every LFS
installation you have deployed.
/* If Linux doesn't have the solution, you have the wrong problem */
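
The SSH-tunnel arrangement described in the message above, sketched as an added example that is not part of the original post or of any ALFS code: the daemon does no authentication of its own, refuses to bind anywhere but loopback, and only checks that a received profile is well-formed XML. The names, the size cap and the sample profile are assumptions, and the well-formedness check stands in for full DTD validation, which needs a validating parser.

```python
# Added example: loopback-only profile receiver meant to sit behind an SSH tunnel.
import ipaddress
import socket
import socketserver
import threading
import xml.etree.ElementTree as ET

MAX_PROFILE = 1 << 20  # assumed 1 MiB cap on a received profile

def check_profile(data: bytes) -> str:
    """Return 'OK' for a well-formed profile within the size cap, else 'ERR ...'."""
    if len(data) > MAX_PROFILE:
        return "ERR too large"
    try:
        ET.fromstring(data)  # well-formedness only, not DTD validation
    except ET.ParseError:
        return "ERR not well-formed"
    return "OK"

class ProfileHandler(socketserver.StreamRequestHandler):
    def handle(self):
        data = self.rfile.read(MAX_PROFILE + 1)  # reads until the client half-closes
        self.wfile.write(check_profile(data).encode() + b"\n")

def make_server(host: str, port: int) -> socketserver.TCPServer:
    """Refuse any bind address that is not loopback; SSH is the only way in."""
    if not ipaddress.ip_address(host).is_loopback:
        raise ValueError("daemon must bind to loopback only")
    return socketserver.ThreadingTCPServer((host, port), ProfileHandler)

def send_profile(port: int, profile: bytes) -> str:
    """Client side: connects to the near end of the tunnel on localhost."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(profile)
        s.shutdown(socket.SHUT_WR)  # signal end of profile
        return s.makefile().readline().strip()

def demo() -> tuple:
    srv = make_server("127.0.0.1", 0)  # port 0: let the OS pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port = srv.server_address[1]
    good = send_profile(port, b"<profile><stage/></profile>")  # constructed sample
    bad = send_profile(port, b"<profile><stage>")  # constructed, truncated
    srv.shutdown()
    srv.server_close()
    return good, bad

if __name__ == "__main__":
    print(demo())
```

On the managing machine the connection would go through a forward such as `ssh -L 7000:127.0.0.1:7000 user@server` (port and names assumed), so reaching the daemon at all requires passing SSH's public-key authentication first.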