Class: MCollective::Security::Psk

Impliments message authentication using digests and shared keys

You should configure a psk in the configuration file and all requests will be validated for authenticity with this.

Serialization uses Marshal, this is the default security module that is supported out of the box.

Validation is as default and is provided by MCollective::Security::Base

You can configure the caller id being created, this can adjust how you create authorization plugins. For example you can use a unix group instead of uid to do authorization.

Methods

callerid decodemsg encodereply encoderequest validrequest?

Public Instance methods

callerid()

decodemsg(msg)

Decodes a message by unserializing all the bits etc, it also validates it as valid using the psk etc

encodereply(sender, msg, requestid, requestcallerid=nil)

Encodes a reply

encoderequest(sender, msg, requestid, filter, target_agent, target_collective, ttl=60)

Encodes a request msg

validrequest?(req)

Checks the md5 hash in the request body against our psk, the request sent for validation should not have been deserialized already