Feature request: SSL/TLS client/server negotiation
Schwimmer, Eric E *HS
EES2Y at hscmail.mcc.virginia.edu
Thu Oct 12 22:00:41 CEST 2006
The subject pretty much says it all :) The top item on my hobbit wish
list is to see some sort of client/server authentication & encryption.
This will take care of three of my largest hobbit worries/problems:
1. Having to poke a hole in my hobbit server's firewall every time I
add a new hobbit client.
2. The possibility that someone might compromise one machine running a
hobbit client and use that machine to send false reports or DOS the
hobbit server.
3. Prevent tender bits of info (such as my log files) that would
otherwise traverse the network unencrypted.
Of course, this would break a lot of existing scripts (devmon, bb-xsnmp,
etc); perhaps it would be possible to have the secure server listen on a
different port?
I know I could do all of this with stunnel, but that's one more thing
I'd have to install and setup (and one more thing that could break) on
all of my hobbit clients. Plus, there's always the laziness factor :)
Food for thought.
-Eric
More information about the Xymon
mailing list