From mboxrd@z Thu Jan 1 00:00:00 1970 From: jparsons@sourceware.org Date: 15 Jan 2007 19:46:06 -0000 Subject: [Cluster-devel] conga/luci/docs user_manual.html Message-ID: <20070115194606.480.qmail@sourceware.org> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit CVSROOT: /cvs/cluster Module name: conga Changes by: jparsons at sourceware.org 2007-01-15 19:46:05 Modified files: luci/docs : user_manual.html Log message: user manual updates for cert ui, parte un Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/docs/user_manual.html.diff?cvsroot=cluster&r1=1.10&r2=1.11 --- conga/luci/docs/user_manual.html 2007/01/15 16:00:48 1.10 +++ conga/luci/docs/user_manual.html 2007/01/15 19:46:05 1.11 @@ -109,7 +109,7 @@ module support to filter and retrieve log entries.

To add a system, click on the Add a System link in the left hand navigation table. This will load the following page: -
+
Figure #3: Add a System

@@ -120,18 +120,44 @@ one additional entry row has been provided, a checkbox is also made available that can be selected if all systems specified for addition to the luci server share the same password. -
+
Figure #4: Multiple System Entries

If the System Hostname is left blank for any row, it is disregarded when the - list of systems is submitted for addition. If systems in the list of rows do + list of systems is submitted for addition. If the user wishes to delete a + row for any reason, the icon at the far right of the row (that resembles + rows in a table with an 'x') can be clicked. If systems in the list of rows do NOT share the same password (and the checkbox is, of course, left unchecked) and one or more passwords are incorrect, an error message is generated for each system that has an incorrect password. The systems listed with correct passwords are added to the luci server. In addition to incorrect password problems, an error message is also displayed if luci is unable to connect to - the ricci agent on a system. Finally, if a system is entered on the form for + the ricci agent on a system. +

+ For most typical datacenter deployments of conga, the luci server will + reside on a system within the confines of the datacenter network, and + the datacenter systems can pretty safely be assumed to be trustworthy. + If a luci server is used to connect to systems across the open internet, + the user could be vulnerable to a form of security assault known + as the 'Man in the Middle' attack; wherein a hostile party spoofs the + hostname or ip adress of a system to be added to a luci server. +

+ If the user would like to verify the certificate of a ricci agent before + authenticating to it (avoiding a 'Man in the Middle' form of attack), the + checkbox marked Verify system certificates before sending any + passwords should be checked. With this box checked, clicking submit + retrieves the certificate information for all systems listed, and provides + a 'Trust' checkbox for each system. The password for a system will not + be sent without the trust box checked. To add the system or systems, + click the 'Trust' checkboxes for each row desited and click submit again. + Mousing over the lock icon for + a row entry will display the certificate information for just that system. +

+
+ Figure #5: Certificate Verification Page +

+ Finally, if a system is entered on the form for addition and it is ALREADY being managed by the luci server, the system is not added again (but, the administrator is informed via an error message).
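Review bot: In the second hunk (@@ -120,18 +120,44 @@), the added paragraph on "Verify system certificates before sending any passwords" tells the user to tick the 'Trust' checkbox but never says what the displayed certificate information should be checked against. A user who trusts whatever certificate is retrieved gets no protection against the 'Man in the Middle' case described in the paragraph before it. Suggest adding a sentence stating that the certificate information shown when mousing over the lock icon should be compared with the value obtained from the system itself over a separate, trusted channel, and that the 'Trust' box should be left unchecked on any mismatch. Two typos in the added lines should be fixed before commit: "ip adress" should read "IP address" and "each row desited" should read "each row desired". "can pretty safely be assumed to be trustworthy" is informal for a user manual; consider "can generally be assumed to be trustworthy". The text also does not say what happens to rows whose 'Trust' box is left unchecked on the second submit (skipped silently or reported as an error), which would be worth documenting alongside the other error cases in this section.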