authenticating users for the control socket
Jeremie Koenig
jk at jk.fr.eu.org
Tue Jun 12 02:26:36 UTC 2007
On Mon, Jun 11, 2007 at 05:16:05PM +0100, martin f krafft wrote:
> Hi all,
(...)
> In order to do this in a secure manner, the user thus has to be
> properly authenticated, but in using a socket, I give up the
> possibility to find out who actually issued the command.
(...)
> Comments welcome, cheers,
Hello,
I just had a quick look at the unix(7) manpage. I may be
misunderstanding something (i've never had an occasion to use Unix
sockets), but I am under the impression that you could use the
SO_PASSCRED/SCM_CREDENTIALS stuff to authenticate the client. I don't
know how hard it is to do that from Python code.
Incidentally, if I understand correctly, relying on file permission to
control access to the socket is not safe across operating systems.
I guess using Linux-only stuff and making the compilation fail on other
kernels would be a feature rather than a bug in this case :-)
--
Jeremie Koenig <jk at jk.fr.eu.org>
More information about the netconf-devel
mailing list