Hello all,
I have a problem:
* The GridPP Vulnerabilities Group recommend that all site operate their
R-GMA installation in an authenticating mode. From
https://mmm.cern.ch/public/archive-list/p/project-lcg-security-contacts/Grid%20Security%20Vulnerabilities%20that%20have%20passed%20their%20target%20date-876756341.EML?Cmd=open (long URL, may wrap):
----8<-----------------------------------------------------------------
(8972)
No Security in R-GMA
Exploitable by:
No Credentials
Basic info:
R-GMA on LCG deployment has no security. Any user who has access to the
system can write information to the R-GMA system, this may include false
information. Anyone with access to the system can read all information.
[...]
Proposed Solution:
The current version of R-GMA itself in LCG 2.6 allows security to be on
or off, and provides a mechanism for systematically turning it on.
Ensure that it is systematically turned on in the deployment.
----8<-----------------------------------------------------------------
* The R-GMA registry at RAL cannot interoperate with sites operating in
a secure mode, and is presently unsupported.
Given my own (limited) understanding of R-GMA, it appears clear that I
really don't want to downgrade to unauthenticated operation.
Any suggestions how to work around this issue?
Cheers,
David
--
David McBride <[log in to unmask]>
Department of Computing, Imperial College, London
|