2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-28 20:39:40 +00:00
confluent/TODO

48 lines
2.7 KiB
Plaintext

-user can bog down all requests by hammering it with bad auth requests causing
the auth facility to get bogged down in PBKDF
Option:
-a multiprocessing pool to handle new authentications. The auth action
itself would be stalled out whilst an attack was underway, but once
in, the respective session layers will provide a caching session that
should accelerate things after the client gets in once
-penalizing a client clearly trying to break in
-other auth
-pam if user exists but has no passphrase
-keystone?
-ad? (specialized to the AD case)
-expressionkeys never gets smaller - perf impact
-When a user account is changed, have httpapi and sockapi notified of changes
to kill off related sessions. password changes are given a pass, but user
deletion will result in immediate session termination
-need event notification for config change- e.g. set attribute triggers consol
session object check to see if credentials changed
design is that calling code on init registers a callback for related node to
the in-context config manager object. callback shall be OO so no context
object parametr passed in. ipmi will use it for user/password/hardwaremanagement.manager
changes to console and command objects. console will use it to hook add/deletion
of nodes and/or indicating a different console.method or hardwaremanagement.method
-When the time comes to dole out configuration/discovery, take page from xCAT
'flexdiscover' command, if possible bring an ipmi device under management
by way of ipv6 to eliminate requirement for ip to be specified.
Requires the polling event support (which is required for security anyway)
-Change the remote timeout behavior to yield a response, then have pluginapi
decides whether to error the response or a message indicating error in case of
multi-node request
-this stack trace (happened with method was set to ""):
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 402, in handle_one_response
for data in result:
File "/home/jbjohnso/Development/confluent/confluent/httpapi.py", line 301, in resourcehandler
cfgmgr, querydict)
File "/home/jbjohnso/Development/confluent/confluent/pluginapi.py", line 273, in handle_path
passvalue = pluginmap[plugpath].__dict__[operation](
KeyError: ''
-have pyghmi and friends do multiprocessing pools (particularly the PBKDF stuff in auth)
-have console sessions be instructed as to more specific clue for unconnected
-misconfigured - console.method probably not set right
-unreachable - hardwaremanagement.manager probably wrong
-authentication failure - user/passphrase probable not right