[Nut-upsuser] NUT clients - merits of authenticating
Lonnie Abelbeck
lists at lonnie.abelbeck.com
Thu Jan 9 21:00:57 UTC 2014
Hi,
I'd like to better understand the merits of NUT clients (slaves) properly authenticating with the NUT server (master).
NUT allows clients to retrieve UPS status (upsc ups at 10.10.10.1) without authenticating, shutdowns are properly trigger via polling.
From testing one apparent benefit of authenticating is the client receives the shutdown event more quickly rather than the polling interval. (it seems)
Are there other merits of authenticating clients ?
On the flip side, since commercial products like NAS drive implementations use fixed, well known user/pass credentials, all clients would need to be configured with such well known credentials if they were all to authenticate with a common user.
The NUT /etc/ups/upsd.users file has only one entry:
--
[monuser]
password = superdupersecret
upsmon master
--
Is this a security issue if the password is well known ? Searching the mailing list I only found the comment: "All a upsmon slave can do, is delay shutting down for a handful of seconds." ... seems like limited mischief.
Any guidance is appreciated.
Lonnie
More information about the Nut-upsuser
mailing list