[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20000131: ADDE server issues (cont.)

>From: "Guillory, Anthony" <address@hidden>
>Organization: NASA/MSFC
>Keywords: 200001311730.KAA02738 McIDAS ADDE accounting


>I'm going to show my limited knowledge of the interworking of Unix/McIDAS
>here.  But from what I remember we opted not to run the McIDAS accounting
>s/w because of security concerns and that's why we opted for the approach
>that we did (Unix Services deny/allow files - ok, I don't know the
>"official" names but you know what I mean).

I talked to my system administrator, and he said that the log messages
you sent along are from TCP wrappers.

>But you do have a point about
>the reverse name lookup.

The reason I mentioned this was that it is an important issue in our
LDM system also.

>I've seen that problem appear before but for other
>services - namely telnet and ftp.  Will check that one!!!!

I'll ask my sysadmin about this.  He will probably be able to answer this
off of the top of his head.

>And to mention
>another thing Tom brought out - once you have access to our server you have
>access to everything within ADDE there are no limitations other than

Right.  This is the problem I have with both use of TCP wrappers and
the SSEC ADDE McIDAS accounting system.  I think that the end user should
have very fine scale control over data set access.

>But I do understand Unidata concern about NLDN data, etc.  we
>have similar datasets that are not accessible.

It seems like every site that I talk to says the exact same thing.  There
is a general desire to allow just about everyone to get access to most
datasets, but there is also a great need to have the ability to deny access
to certain datasets on a case-by-case (even user-by-user) basis.

>Tom, I agree we (MSFC and Unidata) should talk about data (we have processor
>and disk limitations to consider on our end).

I understand completely.

>Unfortunately, I'll have to
>take a look at things a little later in the week.  Stay on my case!

Will do.  You have so much to offer our community that I will have to
maintain our dialogue.

>I have
>to get a talk ready for a Rotary Club talk tomorrow, so I'm kinda rushed at
>the moment.

Talk to you later...


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.