authenticating users for the control socket
Michael Biebl
mbiebl at gmail.com
Mon Jun 11 17:27:06 UTC 2007
2007/6/11, Vincent Danjean <vdanjean.ml at free.fr>:
> Michael Biebl wrote:
> > 2007/6/11, martin f krafft <madduck at debian.org>:
> >> 4. provide a setgid proxy which receives data on stdin, connects
> >> to the socket, provides the auth info to the daemon, then
> >> connects stdin/stdout to the socket passthrough-style.
> >>
> >> (4) seems like the best solution, but it's not nice. Thus I am
> >> wondering if anyone has a better idea.
> >>
> >> Or do you think letting non-root users control netconf is silly? It
> >> does seem somewhat silly, but when you think network-manager and the
> >> possibility of having a GUI control netconf from the GNOME panel (or
> >> the like), it becomes all the more attractive^W necessary.
> >>
> >> Comments welcome, cheers,
> >
> > Why not use D-Bus as IPC for client applications? The python dbus
> > binding are very good.
>
> Can D-Bus manage authentification ?
>
> Or perhaps you propose that it exists a setgid proxy that controls the
> netconf deamon and that talks to the other application via D-Bus.
> Here again, can D-Bus provide security and authentification between
> connected applications ? (I do not know D-Bus at all)
It does not (yet) provide an authentication protocol [1].
What it does provide is security policies, that manage access control
based on uid, gid or being locally logged in (at_console) [2].
Cheers,
Michael
[1] http://dbus.freedesktop.org/doc/dbus-specification.html#auth-protocol
[2] http://www.redhat.com/magazine/003jan05/features/dbus/#security
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
More information about the netconf-devel
mailing list