On 24 Jan 2011, at 20:09, Harald Barth wrote: > I would suggest to bind it in a way that it can be accessed by > localhost only.
Having cmdebug output accessible outside of a particular machine can be of use for both debugging, and administration - it's making it available anonymously that is less than ideal, and we should probably consider changing that. However, until we have better RX security classes, there is no easy way for the cache manager to authenticate incoming connections. > That would make it kindof compatible (because then the > binary and the CM are of course of the same architcture) You can't assume that. We have platforms where you can have a 64bit userland, and a 32 bit kernel space, and vice versa. I'm in favour of Jeff's proposal that we stop treating cmdebug as a "standard" interface. However, that means that we need to move the RPCs used by cmdebug out of the callback service, and into their own RX service. From memory, I think this has the added advantage that it should be possible to build a cmdebug that returns results, even when the callback service thread is blocked. _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
