[gomd-devel] <IRC> interesting IRC chat session about gomd...

[Gian Paolo Ghilardi]

Hi all.

This is the backlog for a nice IRC chat session.
Thanks to roeles, Wim, halves for this nice session.

Summary of the backlog:
- add auth method to gomd to distinguish between users
- security stuff
- chpox implementation

Byez.

<rejected>

REJ: hi all...

ROELES: hi _rejected_

REJ: hi roeles...

REJ: just read your mails...

ROELES: ah ,k

ROELES: did I misunderstand the checkpoint-stuff

ROELES: ?

REJ: maybe my words were not so clear...

REJ: the chpox stuff is a kenrel module + some userspace tools for
checkpointing/restoring saved procs...

HALVES:_rejected_: hi

ROELES: ah

REJ: hi halves... ;9

ROELES: _rejected_: and you wanted gomd to have the userspace stuff?

REJ: no...

REJ: just only these tools in a practical way...

ROELES: ah...

ROELES: good idear

REJ: the chpox stuff require that an user invoke manually the proc
checkpoinitng...

REJ: same situation for the proc restoring phase...

ROELES: invoke it in the program that needs the checkpoints? or in another
process?

REJ: my idea is automtize the checkpointing phase...

WIM:i think it's a very good idea to use that

REJ: hi Wim... Thanks...

REJ: :)

WIM:cause manual checkpointing is .. bothersome to say the least

* roeles agrees

WIM::-)

REJ: the implementation should be easy:

REJ: 1)gomd gets the full PID list (yet done)

REJ: 2)for each proc enter /proc/[PID] so he can know if the proc was
migrated

ROELES: that's yet done

ROELES: you can ask on what node a certain process is, right?

REJ: 3)for each proc gomd gets the nice (==priority) value (if the nice is
changed, the user reniced the process)

REJ: 3)for each proc gomd gets the CPU time

REJ: 4)sort the procs list

ROELES: ah

ROELES: nice

ROELES: _rejected_: what did you think about user-based authentication?

REJ: 5)checkpoints only the procs with an high  value. Value is a function
defined as F(isProcMigrated,niceAtStartup,isProcReniced,cpuTimeUsed)...

REJ: roeles: do you want something like PAM?

ROELES: _rejected_: ehm..just to be able to login.

REJ: ok...

ROELES: PAM == auth by ldap right?

REJ: PAM = plggable auth module => ldam, system flat files,...

REJ: s/ldam/ldap

ROELES: that would be even better...but little more complicated

REJ: the pwd will be sent without encryption...

ROELES: hm

ROELES: true

REJ: I prefer to implement a gomd auth.conf file...

REJ: the pwd will be sent as hash values...

ROELES: but then the telnet interface will not allow login

REJ: np...

REJ: the idea:

REJ: 1)client opens a telnet conn to a gomd

REJ: 2)if gomd has strict-security-mode enabled...

REJ: 3)gomd asks a user+pwd

REJ: 4)gomd received teh clear infos...

REJ: 5)gomd checks the auth...

REJ: 6)gomd eventually closes the conn...

REJ: in this way if an user sniffs the user+pwd value there will no great
probs...

REJ: obviously you cannot enable the SCX_ALL_COMMANDS_ENABLED macro...

ROELES: uuh

ROELES: yeah

REJ: ok....

ROELES: btw...

REJ: CU later. I need some food... ;)))

ROELES: wouldn't it be nice to say, try to look at openssl sockets? :)

ROELES: -say

REJ: simple telnet cannot use SSL...