[Nbd] authenticated and named exports
From: Wouter V. <w...@ut...> - 2010-07-27 11:38:47
Hi folks,

After the 2.9.16 release a few days ago, I didn't stop coding.

I forward-ported Brad Allen's auth patch, so that it works again. I'm not sure what to do with it; it only provides authentication, but not integrity; I don't want to give people a false sense of security. Maybe if people combine it with something like stunnel, or a VPN or something, it can be entirely safe... I dunno. At any rate, there's an 'auth' branch on sourceforge and github, you can check it out if you want.

Second, I implemented a scheme for specifying exports by name, rather than by port. It would work by way of a -N option:

    nbd-client localhost /dev/nbd0 -N myexport

In this situation, nbd-client would need to connect to nbd-server on a well-known port (I have a request out at IANA), and would send the string "myexport" as the name of the export; NBD-server would search for an export with "myexport" as the group name in the config file, as in

    [myexport]
    exportname = /dev/sda

and then serve that. Note the absence of the port number; in this version of nbd-server, only the 'exportname' parameter is required.

I've added an 'oldstyle' boolean option for the [generic] section. If you switch that on, then the port number is still required, and nbd-server will export the device both on the well-known port where a name has to be specified, and on the port you specify with the 'old' unmodified negotiation protocol.

If you export a file on the command line, then specifying the export by name isn't possible. It's also not possible to export a file on the well-known port in the old style, even if you only export files on the command line.

I'm not going to release this until IANA assigns me a port number, but the patch is in the 'names' branch in git on sourceforge and github.

Feedback on this would be welcome.

-- 
The biometric identification system at the gates of the CIA headquarters works because there's a guard with a large gun making sure no one is trying to fool the system.
http://www.schneier.com/blog/archives/2009/01/biometrics.html
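
The name-to-export lookup and the 'oldstyle' rule described in the message, modelled as an added example; this is not code from nbd-server or its 'names' branch. The `port` key name, the sample values and the choice to skip incomplete sections are assumptions of this sketch.

```python
import configparser

# Constructed sample config; the port value and [scratch] section are made up.
SAMPLE_CONFIG = """
[generic]
oldstyle = true

[myexport]
exportname = /dev/sda
port = 2000

[scratch]
exportname = /srv/scratch.img
"""

def load_exports(text):
    """Parse the config and return (exports, problems)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    oldstyle = cp.getboolean("generic", "oldstyle", fallback=False)
    exports, problems = {}, []
    for name in cp.sections():
        if name == "generic":
            continue
        path = cp[name].get("exportname")
        port = cp[name].get("port")  # key name 'port' is an assumption
        if not path:
            problems.append(f"[{name}]: exportname is required")
            continue
        if oldstyle and not (port and port.isdigit()):
            # Assumption of this sketch: an incomplete section is skipped
            # rather than served, so a config mistake fails closed.
            problems.append(f"[{name}]: port is required when oldstyle is on")
            continue
        exports[name] = {"path": path,
                         "old_port": int(port) if oldstyle else None}
    return exports, problems

def resolve(exports, requested):
    """Map the name a client sent to a configured path, or None.

    The client string is only ever a dictionary key: the served path comes
    from the config, so a name like '../etc/passwd' or 'generic' finds nothing.
    """
    entry = exports.get(requested) if isinstance(requested, str) else None
    return entry["path"] if entry else None
```

With `oldstyle` on, `[scratch]` is reported as incomplete and is not resolvable; with it off, both sections resolve by name and no port is needed.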