[Nut-upsuser] NUT clients - merits of authenticating
lists at lonnie.abelbeck.com
Thu Jan 9 21:00:57 UTC 2014
I'd like to better understand the merits of NUT clients (slaves) properly authenticating with the NUT server (master).
NUT allows clients to retrieve UPS status (upsc ups at 10.10.10.1) without authenticating, shutdowns are properly trigger via polling.
From testing one apparent benefit of authenticating is the client receives the shutdown event more quickly rather than the polling interval. (it seems)
Are there other merits of authenticating clients ?
On the flip side, since commercial products like NAS drive implementations use fixed, well known user/pass credentials, all clients would need to be configured with such well known credentials if they were all to authenticate with a common user.
The NUT /etc/ups/upsd.users file has only one entry:
password = superdupersecret
Is this a security issue if the password is well known ? Searching the mailing list I only found the comment: "All a upsmon slave can do, is delay shutting down for a handful of seconds." ... seems like limited mischief.
Any guidance is appreciated.
More information about the Nut-upsuser