Re: OverLord (was Re: MPCS? and source code discussion (semi-long))

Jason Williams (streak@ccwf.cc.utexas.edu)
Tue, 28 Jul 1998 09:53:55 -0500 (CDT)


On Tue, 28 Jul 1998, Scott Lacroix wrote:
> Uhm... the Web GUI sends Telnet commands (the server has always been
> configured via telnet, how did you THINK the GUI worked? :) so of COURSE
> they are co-dependent.

I thought perhaps it did something fancy with port 7642. After that nasty
little glitch in port 7642 accepting any and all telnet commands I didn't
know what all 7642 was used for.

In playing with it some more, I've seen what the problem is. I've
passworded the telnet, and a lot of the GUI fails to work because it
assumes full access to telnet simply by opening a plain ol' TCP connection
to it. What needs to happen for it to be fixed is for the GUI to somehow
know what the password is. If there's a password set, it needs to send
the password BEFORE issuing whatever commands. This is the way Refmarshal
(as well as Overlord) works. It doesn't ASSUME it has complete access to
the reflector simply by opening a TCP connection.

It doesn't seem to me to be that hard of a problem to solve...but it can
be tricky I suppose. The GUI needs to know the password used when the
reflector is started if it is started with a password. It seems like you
could write out a file in the shell startup scripts for the password.
Something like what is done in wpNet120.csh:
"echo $pid > $dir/$progRoot.pid"

just "echo $password > $dir/$progRoot.pw" or something similar before
hiding the command line from view (which still isn't fixed in the Solaris
version).

Of course..in the NT version of MPCS, it should be even easier since the
telnet password is stored in a Registry entry.

> What "problem in the code" are you talking about here?

After examining it more closely..the problem is White Pine's lack of
insight to keep track of the password. If there's a password for the
server, it needs to issue the "password" command prior to any of the GUI
commands (allow, admit-sender, save, etc.) If you DO keep track of the
password, it allows people to password the telnet AS WELL AS use the GUI
without the two depending upon each other (either/or).

> So basically what it said is: If you don't use subnets, then you don't
> have security problems and they work just fine together. I never said
> anything about problems/issues about them working together.

I guess I misunderstood you then. :)

> The allow lists work JUST FINE with or without subnets, it's just a
> question of what you want to do with them.
> I think we just drifted a little there... sheesh!

Yep..allow lists work just fine. :)
And drifting happens quite a lot here.. :)

> Nothing I can do about that one... I'll talk to a few people here, but I
> know it's been reported (multiple times) and it's on the list to be fixed.
> Beyond that...

Guess I'll just wait and see how long it takes to fix it. In the
meantime, I wonder if Brian Godette has put any more thought into how he may
fix yet another CU glitch. It may be a CU glitch, but for some reason,
I've only seen White Pine clients with looping chat like that.

--
streak@ccwf.cc.utexas.edu    * Jason Williams -- Austin, Tx.  |     |
streak@mail.utexas.edu       * University of Texas at Austin  | ___ |
streak@cs.utexas.edu         * BS Computer Science             \_|_/
*************** http://ccwf.cc.utexas.edu/~streak/ **************|
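
The password-file idea from the message above ("echo $password > $dir/$progRoot.pw"), as an added example that is not part of the original post or of White Pine's scripts: a plain echo under a default umask can leave the telnet password readable by every local user, so this sketch writes the file owner-only and makes the reader refuse a file with looser permissions. It is written in POSIX sh rather than csh; `write_pwfile` and `read_pwfile` are hypothetical helper names, and it assumes the directory belongs to the account that runs the reflector.

```shell
# Added example (POSIX sh). Helper names are hypothetical; the .pw file
# follows the "$dir/$progRoot.pw" suggestion in the message.
# Assumption: the target directory is owned by the reflector's own account.

# Write PASSWORD to FILE so group and others can never read it.
# Usage: write_pwfile FILE PASSWORD
write_pwfile() {
    pwfile=$1
    tmp="$pwfile.tmp.$$"
    rm -f "$tmp"                       # never reuse a stale temp file
    (
        umask 077                      # new file is created as 0600
        # printf is a builtin in bash and dash, so the password is not
        # passed as an argument to a new process.
        printf '%s\n' "$2" > "$tmp"
    ) || return 1
    chmod 600 "$tmp" || return 1       # enforce the mode explicitly
    mv -f "$tmp" "$pwfile"             # rename into place in one step
}

# Print the password stored in FILE, refusing a file that group or
# others can access. This is the check a GUI helper would run before
# sending the password ahead of its other commands.
# Usage: read_pwfile FILE
read_pwfile() {
    pwfile=$1
    [ -f "$pwfile" ] || { echo "no password file: $pwfile" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$pwfile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $pwfile: group/other access ($perms)" >&2
        return 1
    fi
    IFS= read -r pw < "$pwfile" || [ -n "$pw" ]
    printf '%s\n' "$pw"
}
```
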