xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 09:32:21 +00:00
Code Issues Projects Releases Wiki Activity
e4d0cb8207
confluent/TODO

43 lines
2.3 KiB
Plaintext
Raw Blame History

-user can bog down all requests by hammering it with bad auth requests causing
the auth facility to get bogged down in PBKDF
Option:
-a multiprocessing pool to handle new authentications. The auth action
itself would be stalled out whilst an attack was underway, but once
in, the respective session layers will provide a caching session that
should accelerate things after the client gets in once
-penalizing a client clearly trying to break in
-other auth
-pam if user exists but has no passphrase
-keystone?
-ad? (specialized to the AD case)
-expressionkeys never gets smaller - perf impact
-When a user account is changed, have httpapi and sockapi notified of changes
to kill off related sessions. password changes are given a pass, but user
deletion will result in immediate session termination
-need event notification for config change- e.g. set attribute triggers consol
session object check to see if credentials changed
design is that calling code on init registers a callback for related node to
the in-context config manager object. callback shall be OO so no context
object parametr passed in. ipmi will use it for user/password/hardwaremanagement.manager
changes to console and command objects. console will use it to hook add/deletion
of nodes and/or indicating a different console.method or hardwaremanagement.method
-When the time comes to dole out configuration/discovery, take page from xCAT
'flexdiscover' command, if possible bring an ipmi device under management
by way of ipv6 to eliminate requirement for ip to be specified.
Requires the polling event support (which is required for security anyway)
-this stack trace (happened with method was set to ""):
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 402, in handle_one_response
for data in result:
File "/home/jbjohnso/Development/confluent/confluent/httpapi.py", line 301, in resourcehandler
cfgmgr, querydict)
File "/home/jbjohnso/Development/confluent/confluent/pluginapi.py", line 273, in handle_path
passvalue = pluginmap[plugpath].__dict__[operation](
KeyError: ''
-reuse SDR to make health faster
-have pyghmi and friends do multiprocessing pools (particularly the PBKDF stuff in auth)
-bad password retrie
Reference in New Issue View Git Blame Copy Permalink