[rrd-developers] [PATCH] rrdcached server-side authentication

kevin brintnall kbrint at rufus.net
Wed Apr 29 17:22:02 CEST 2009


> This means the client can use any of the secrets in my file, and I
> will just test them all, to see if one matches?
> 
> What is the use case for this behaviour?

There will be a need to rotate client passwords.  This design allows the
server to accept both old and new passwords during transition.  Then, the
clients can be upgraded without interruption.

> Would it make sense to have a secret and a user name, so that the
> communication would look like this?

A user name may reduce the number of SHA1 comparisons (since we'll be able
to terminate the search earlier).  Currently we don't have any other
access restrictions or logging that would benefit from a user name.  Do
you foresee a need for any user-based authorization mechanisms?

Do you foresee a need for a large number of secrets?

-- 
 kevin brintnall =~ /kbrint at rufus.net/
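
The two designs discussed in this message, sketched as an added example that is not part of the original post or of the rrdcached patch: a server that tests a client's response against every configured secret (so old and new passwords both work during rotation), beside a user-name lookup that needs one comparison. The wire format is not shown on this page, so the HMAC-SHA1 proof over a per-connection nonce and all function names are assumptions.

```python
import hashlib
import hmac


def proof(secret: bytes, nonce: bytes) -> bytes:
    """Client side: show knowledge of `secret` for this nonce (assumed scheme)."""
    return hmac.new(secret, nonce, hashlib.sha1).digest()


def verify_any(secrets, nonce, response):
    """Secret-list design: accept if any configured secret matches.

    Returns (accepted, comparisons). Every entry is tested with a
    constant-time compare and no early exit, so response timing does
    not reveal which entry (old or new) matched.
    """
    accepted = False
    comparisons = 0
    for secret in secrets:
        comparisons += 1
        accepted |= hmac.compare_digest(proof(secret, nonce), response)
    return accepted, comparisons


def verify_named(users, name, nonce, response):
    """User-name design: one lookup, then a single comparison."""
    secret = users.get(name)
    if secret is None:
        # Unknown name: still do one comparison against a dummy secret
        # so known and unknown names cost the same.
        hmac.compare_digest(proof(b"\x00", nonce), response)
        return False, 1
    return hmac.compare_digest(proof(secret, nonce), response), 1


if __name__ == "__main__":
    import os

    nonce = os.urandom(16)                       # fresh per connection
    during_rotation = [b"old-secret", b"new-secret"]  # constructed sample values
    after_rotation = [b"new-secret"]
    old_client = proof(b"old-secret", nonce)
    print(verify_any(during_rotation, nonce, old_client))
    print(verify_any(after_rotation, nonce, old_client))
```

With the secret list, the cost per authentication grows with the number of configured secrets, which is why the number of secrets the server is expected to hold matters to the design.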


