[collectd-changes] Authentication/Encryption for the network plugin.

Florian Forster octo at verplant.org
Sun Apr 26 20:47:34 CEST 2009

Hi all,

I've pushed some more changes to the authentication code to the Git
repository. Here is what I've changed:

- The client now sends a username when the packet is signed or
  encrypted. In the encryption case, the username is transferred in
  clear of course.
- Instead of a shared secret, the server now is configured with an
  `AuthFile' which maps usernames to passwords. When a signed or
  encrypted packet is received, a password is looked up using the
  username and the packet is verified or decrypted.
- If the `auth file' is changed, it is automatically re-read.
- Instead of AES in CBC mode I'm not using AES in `output feedback mode'
  (OFB). This way we don't need padding anymore.

This way it's now possible to have different passwords for different
nodes, customers, networks, ...

Authorization is not possible yet. I. e. you currently cannot accept
only specific hostnames depending on the username supplied and similar
nice features. But this is definitely where I'd like this to go.

The code is in the master branch of the Git repository including
documentation, if you want to give it a try. I'm, of course, glad about
any feedback and comments :)

Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd-changes/attachments/20090426/b36db727/attachment.pgp 

More information about the collectd-changes mailing list