Check out the new USENIX Web site. Next: Upgrading Software Up: LCFG in Action Previous: Changing Server Configurations

Changing Security Policies

Many security-related parameters can be set by LCFG resources. Setting these in the appropriate class file allows the security configuration of whole groups of hosts to be manipulated. For example, we could control the ability to access all first year undergraduate machines from a remote ssh by setting the following in the appropriate class file:

  inet.allow_sshd  ALL : rfc931

We are aware that this depends heavily on the security of the LCFG system itself which is currently not as strong as we would like. This is one area being addressed in the current re-implementation. Similar issues involving automatic configuration of security parameters are discussed in [8].



Paul Anderson & Alastair Scobie