Date: Thu, 29 Jan 1998 11:46:26 -0800 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: Karl Pielorz <kpielorz@tdx.co.uk> Cc: Adam Turoff <AdamT@smginc.com>, hackers <hackers@FreeBSD.ORG> Subject: Re: WebAdmin (was: RE: /usr/src/release/sysinstall needs YOU. :-)) Message-ID: <14682.886103186@time.cdrom.com> In-Reply-To: Your message of "Thu, 29 Jan 1998 16:38:40 GMT." <34D0B090.5061FE9C@tdx.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
> On each machine we run an 'admind' process (admin. daemon). Now all our
> machines are firewalled correctly, so only internal machines on our Company
> LAN can connect on the AdminD port - but even so, I still intend to use
> passwords / encryption etc.
This approach sounds familiar. :-)
It's also not one without merit, though I also wonder how you're
handling the _export_ of information in this scenario. If you want to
create a rich administrative interface which provides good overview
information as well as letting you create new system entitites (users,
filesystems, etc) then you've got to have nice flexible way of getting
system information back to the "browser" which hopefully doesn't
require that you modify the browser every time you add access to a new
system data type.
That abstraction was sort of the goal of Mike Smith's "juliette"
package in TCL which gives an arbitrary browser access to the data in
/etc/rc.conf, /etc/host.conf, /etc/master.passwd, etc. by exporting it
into a MIB-like space and abstracting away the underlying storage
details - the user neither knows nor cares which file a given system
administration variable comes out of. I can't remember where he last
stashed a copy of it for ftp access, but I do recall him bringing it
up several times in this mailing list and it should be in the mailing
list archives.
Using TCL as the ascii data interchange format also means that you can
use it for simple data specification, e.g.:
newuser {
uname "joe"
fullname "Joe Blow"
password "geheim"
shell "/usr/local/bin/tcsh"
include default-user-profile
}
and you get parsing for free since your "newuser" command can just
register temporary commands like uname, fullname, etc. during the
scope of its argument's evaluation. You also, obviously, leave the
door open for passing more "intelligent" data where the handlers for
the new data are passed along with the data itself. The browser can
thus "learn" dynamically to deal with new data types and you don't
need to hack on it every time you add a significantly new feature to
your "admind".
Jordan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14682.886103186>