[ofa-general] OpenSM Console Ideas?
Timothy A. Meier
meier3 at llnl.gov
Thu Feb 21 16:27:30 PST 2008
LLNL uses the remote console feature in OpenSM. We have a need to secure
this remote connection with authentication/authorization and encryption
(specifically PAM and OpenSSL). I have a working prototype, and would
like to formalize it and share/include this with OpenSM.
Before I go down this path too far, I would like to solicit ideas from
others who use the console.
Currently, the console can be used in local, loopback, or remote modes.
If security is added, should it replace other modes, or be an additional mode?
The intention is to use PAM for the AA framework, and OpenSSL for secure
sockets. Are there any serious objections to this implementation plan?
The console feature has always been a configuration/command line option,
but should the secure console be conditionally compiled/linked as well?
(eliminate dependency on the PAM and OpenSSL libs, pam, pam_misc, cryto, ssl).
The secure console would require a relatively primitive client application,
which I will probably package under opensm, just like osmtest. Make sense?
Do you have any other ideas or suggestions for the remote console?
--
Timothy A. Meier
Computer Scientist
ICCD/High Performance Computing
925.422.3341
meier3 at llnl.gov
More information about the general
mailing list