Well, for the kind of systems I work on, failure of one element (I say
element because a node is actually a redundant pair of CPU’s - i.e. in
order for the element to fail both redundant CPU’s must fail)
constitutes failure of the entire system; thus if the password server
isn’t there, then by definition it isn’t required. As I said Qnet is
primarily aimed at small tightly coupled systems (where all the
“elements” are required for the device to operate). There is nothing
wrong with having the kind of functionality you are asking for, but
there is a massive set of applications that Qnet already addresses
adequately (from a design feature POV - what I want to see is a robust
implementation of the current Qnet feature set
I think that if you are looking at Qnet for large, loosely coupled
networks of computers, you are using the wrong tool for the job (the
TCP/IP suite seems to address this problem domain adequately).
-----Original Message-----
From: Igor Kovalenko [mailto:kovalenko@home.com]
Posted At: Monday, July 23, 2001 8:59 PM
Posted To: os
Conversation: QNet security, does it have any!!
Subject: Re: QNet security, does it have any!!
You generally need a fallback mechanism for any kind of server. If the
password_server fails noone would be able to authenticate, which is not
acceptable in most environments. Remember how QNX4 could run several
namelocs? And you can have several DNS servers, DHCP servers, etc…
Besides an authentication server could be smarter than that. It could do
mapping between accounts, to implement ‘root squash’ or other things,
based
on origin of request (local or remote).
“Rennie Allen” <RAllen@csical.com> wrote in message
news:D4907B331846D31198090050046F80C9061A37@exchangecal.hq.csical.com…
ln -sP /net/password_server/etc/passwd /etc/passwd ?
Is there some reason this won’t work ? The above method worked fine
for
QNX4.
-----Original Message-----
From: Igor Kovalenko [mailto:> kovalenko@home.com> ]
Posted At: Monday, July 23, 2001 12:00 PM
Posted To: os
Conversation: QNet security, does it have any!!
Subject: Re: QNet security, does it have any!!
I would agree Rennie, if QNX also provided a way to share user
accounts
across QNET. A network-wide authentication server would be nice,
otherwise
problem of equivalency of user accounts makes situation rather bad.
“Rennie Allen” <> RAllen@csical.com> > wrote in message
news:> D4907B331846D31198090050046F80C9061821@exchangecal.hq.csical.com> …
Of course Qnet has no inter-machine security. The whole point of
Qnet
is to merge all of the individual machines on the network into one
machine, thus you have the same security as if you had one machine
(i.e.
if you are root, you are root regardless of which microprocessor ran
the
initial authentication code - think of an SMP machine, would you
want
to
have to log in to each processor before you could use them ? - this
would severely reduce the utility of SMP don’t you think ?).
If you want to continue to look at each node as an isolated entity
with
it’s own security domain, then simply use the conventional TCP/IP
suite.
Qnet is designed to be used on small local area networks (even
backplane
networks) where a cohesive distributed real-time system is desired.
One
can assign a “Qnet” a single IP address, and treat it, in every way,
as
a single node on a larger TCP/IP network (just as a collection of
four
processors in an SMP machine are treated as a single node on a
TCP/IP
network).
-----Original Message-----
From: Michael Stevens [mailto:> michael@acrfr.usyd.edu.au> ]
Posted At: Monday, July 23, 2001 2:14 AM
Posted To: os
Conversation: QNet security, does it have any!!
Subject: QNet security, does it have any!!
Does Qnet attempt to enforce any security?
I seem to be able to use it to directly migrate root priviliges
between
QNXRTP (6.1) machines. That is logging on as root on one machine
gives
me
root acess to any machines running Qnet. This is despite none of the
machines having the same root password.
All very strange. The npm-qnet.so is singularly quiet on the issue
of
security.
Michael Stevens
\