[collectd-changes] Authentication/Encryption for the network plugin.
Florian Forster
octo at verplant.org
Sun Apr 26 20:47:34 CEST 2009
Hi all,
I've pushed some more changes to the authentication code to the Git
repository. Here is what I've changed:
- The client now sends a username when the packet is signed or
encrypted. In the encryption case, the username is transferred in
clear of course.
- Instead of a shared secret, the server now is configured with an
`AuthFile' which maps usernames to passwords. When a signed or
encrypted packet is received, a password is looked up using the
username and the packet is verified or decrypted.
- If the `auth file' is changed, it is automatically re-read.
- Instead of AES in CBC mode I'm not using AES in `output feedback mode'
(OFB). This way we don't need padding anymore.
This way it's now possible to have different passwords for different
nodes, customers, networks, ...
Authorization is not possible yet. I. e. you currently cannot accept
only specific hostnames depending on the username supplied and similar
nice features. But this is definitely where I'd like this to go.
The code is in the master branch of the Git repository including
documentation, if you want to give it a try. I'm, of course, glad about
any feedback and comments :)
Regards,
-octo
--
Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
http://verplant.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd-changes/attachments/20090426/b36db727/attachment.pgp
More information about the collectd-changes
mailing list