Re: [Ganglia-general] default auth settings

2011-04-22 Thread Seth Graham

On Apr 22, 2011, at 9:43 AM, Alex Dean wrote:

> I'd like to get some feedback on how we should configure gweb's default 
> access permissions.
> 
> #1. "$conf['auth_system']=false;" will disable authorization, so no logins 
> are required and the system behaves like the current ganglia web frontend.  
> In this case, should editing of views be allowed or denied?  Do we want 
> disabling auth to mean 'read-only access' or 'anything goes'?

I think it should be read only at that point. I envision groups of users with 
competing ideas of what machines are important putting the web interface 
through a tug of war.

If administrators want to risk that, it should be something they have to 
consciously enable.

> #3. Should the default be to ship with authorization enabled or disabled?
> 
> My preference is that 'read-only & no authorization required' is the default 
> configuration.

That's my preference too.
___
Ganglia-general mailing list
Ganglia-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ganglia-general


[Ganglia-general] default auth settings

2011-04-22 Thread Alex Dean
I'd like to get some feedback on how we should configure gweb's default access 
permissions.

#1. "$conf['auth_system']=false;" will disable authorization, so no logins are 
required and the system behaves like the current ganglia web frontend.  In this 
case, should editing of views be allowed or denied?  Do we want disabling auth 
to mean 'read-only access' or 'anything goes'?

It'd be easy enough to allow either of those options if $conf['auth_system'] 
were a non-boolean, but I don't want to over-complicate things.
  $conf['auth_system'] = DISABLED; // anybody can do anything.
  $conf['auth_system'] = READONLY; // no logins.  all editing disabled.  all viewing allowed.
  $conf['auth_system'] = ENABLED;  // permissions determined by http authentication & ACL.
                                   // guests can view, admins can edit, private clusters can be created.

#2. Should we ship the web interface with a default .htaccess file which sets 
up most of the Apache authentication config for you?  After discussion of nginx 
and lighttpd, I'm wondering if we ought to be more web-server agnostic and just 
refer everyone to a 'how to set up auth' wiki page instead.

#3. Should the default be to ship with authorization enabled or disabled?

My preference is that 'read-only & no authorization required' is the default 
configuration.  If someone wants to allow full access without logins, or wants 
to configure some private clusters, we should make that easy to do after some 
(minimal) extra configuration on their part.

best,
alex
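
The three-mode setting floated in this message, sketched as an added example (not part of the original post and not gweb's own code): unset, legacy boolean false, or misspelled values all resolve to read-only. The constant values, the helpers auth_mode() and is_allowed(), the 'view'/'edit' action names and the ACL shape are assumptions made for illustration; private clusters are left out.

```php
<?php
// Mode names come from the thread; their string values are assumed for this sketch.
const DISABLED = 'disabled'; // anybody can do anything
const READONLY = 'readonly'; // no logins, viewing only
const ENABLED  = 'enabled';  // HTTP authentication + ACL

// Hypothetical helper: normalise $conf['auth_system'] to one of the three modes.
// Unset, legacy boolean false, or unrecognised values fall back to READONLY, so a
// typo in the config can never silently grant edit rights.
function auth_mode(array $conf): string
{
    $value = $conf['auth_system'] ?? READONLY;
    if ($value === true) {
        return ENABLED; // legacy boolean "on"
    }
    return in_array($value, [DISABLED, READONLY, ENABLED], true) ? $value : READONLY;
}

// Hypothetical check. $user is the name supplied by the web server's HTTP
// authentication (null for a guest); $acl maps user names to roles.
function is_allowed(array $conf, string $action, ?string $user, array $acl): bool
{
    switch (auth_mode($conf)) {
        case DISABLED:
            return true;
        case ENABLED:
            if ($action === 'view') {
                return true; // guests can view
            }
            return $user !== null && ($acl[$user] ?? null) === 'admin';
        default: // READONLY
            return $action === 'view';
    }
}

// Constructed sample configurations and ACL.
$acl = ['alice' => 'admin'];
$cases = [
    'unset'    => [],
    'false'    => ['auth_system' => false],
    'typo'     => ['auth_system' => 'disabeld'],
    'DISABLED' => ['auth_system' => DISABLED],
    'ENABLED'  => ['auth_system' => ENABLED],
];
foreach ($cases as $label => $conf) {
    printf("%-8s guest edit=%s  alice edit=%s\n", $label,
        var_export(is_allowed($conf, 'edit', null, $acl), true),
        var_export(is_allowed($conf, 'edit', 'alice', $acl), true));
}
```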