
Re: When adding new node, how does the broker authenticate?




----- Original Message -----
> On Mon, Jun 17, 2013 at 09:46:22AM -0400, Mark Lamourine wrote:
> > 
> > Unless things have changed (and they have in some areas since I worked on
> > them), the way this works is that the node runs the mcollectived which
> > connects to an activemq server and registers to receive requests from the
> > broker.  The
> > /etc/mcollective/server.conf file contains authentication information to
> > allow it to connect to the ActiveMQ servers and a "secret" which it will
> > use to authenticate incoming requests from the broker.
> > 
> 
> [...]
> 
> > The node *does* trust the broker when the broker sends MCollective RPC
> > calls. (the broker gives the password from the
> > /etc/mcollective/client.conf which must match what the node has in the
> > /etc/mcollective/server.conf)

And technically, the broker trusts the responses from the node via MCollective, but simply limits what is available to do in those contexts (set env, display client errors, etc).  

> > 
> 
> On Mon, Jun 17, 2013 at 09:21:34AM -0700, Krishna Raman wrote:
> > 
> > The security here is mainly in how m-collective/activemq queues and
> > passwords are configured.
> > Activemq/m-collective auth is used to make sure that nodes/brokers are not
> > randomly claimed/controlled.
> > 
> 
> Thank you both.
> 
> --
> Jan Pazdziora | adelton at #ipa*, #brno
> Principal Software Engineer, Identity Management Engineering, Red Hat
> 
> 
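
An added example, not part of the original thread or OpenShift's own code: a Ruby check that the broker's client.conf and the node's server.conf hold the same shared secret, which the thread says must match. It assumes the secret is stored under MCollective's `plugin.psk` key with `securityprovider = psk`; the weak-value list, length threshold and sample files are constructed.

```ruby
require "tmpdir"

WEAK_SECRETS = %w[unset changeme secret password].freeze # constructed list
MIN_LENGTH = 16                                          # assumed threshold

# Parse MCollective-style "key = value" text, skipping blanks and # comments.
def parse_mco_conf(text)
  text.each_line.with_object({}) do |line, conf|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split("=", 2)
    conf[key.strip] = value.strip unless value.nil?
  end
end

# Findings for one broker client.conf / node server.conf pair.
def audit_psk_pair(client_path, server_path)
  findings = []
  psks = { "client" => client_path, "server" => server_path }.map do |role, path|
    conf = parse_mco_conf(File.read(path))
    psk = conf["plugin.psk"].to_s
    findings << "#{role}: securityprovider is not psk" unless conf["securityprovider"] == "psk"
    if psk.empty?
      findings << "#{role}: plugin.psk missing"
    elsif WEAK_SECRETS.include?(psk.downcase) || psk.length < MIN_LENGTH
      findings << "#{role}: plugin.psk is weak"
    end
    findings << "#{role}: world-readable" if (File.stat(path).mode & 0o004) != 0
    psk
  end
  # The node only accepts broker requests when both sides hold the same secret.
  findings << "mismatch: client and server secrets differ" if psks.uniq.size > 1
  findings
end

# Constructed sample files: a placeholder broker secret vs. a longer node secret.
def demo_findings
  Dir.mktmpdir do |dir|
    client = File.join(dir, "client.conf")
    server = File.join(dir, "server.conf")
    File.write(client, "# broker side\nsecurityprovider = psk\nplugin.psk = unset\n")
    File.write(server, "securityprovider = psk\nplugin.psk = Xq7-constructed-sample-secret\n")
    File.chmod(0o644, client)
    File.chmod(0o600, server)
    audit_psk_pair(client, server)
  end
end

puts demo_findings if $PROGRAM_NAME == __FILE__
```
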

