[distcc] Simple authentication for distcc
Grahame Bowland
grahame at angrygoats.net
Thu Feb 19 18:41:21 GMT 2004
On Thu, 2004-02-19 at 11:24 -0500, Lisa Seelye wrote:
> On Wed, 2004-02-18 at 21:27, Grahame Bowland wrote:
> > > Then what is the point of having extra code if it essentially provides
> > > nothing? It seems cheaper to just have a properly configured firewall.
> >
> > It doesn't provide nothing; it restricts users of distcc to those that
> > have the passphrase. You can't differentiate which user on a shared
> > shell machine is connecting using a firewall.
>
> Why not use ssh and ssh keys then?

That's slower; you take a performance hit from doing the encryption. I
have the situation where we have a few servers that aren't doing much,
and a few people that do large compiles fairly often. Distcc is a
wonderful way to let them get stuff done faster. I'm confident that
layer 2 is secure, so a plain text passphrase over the network seems
acceptable.

I don't really want to rely on host firewalls to protect me, because
it's not good practice (what if, for some reason, the firewall ruleset
gets cleared?) - of course, we do employ such firewalls but I don't want
to be totally open in the situation someone gets past them. I don't like
host-based authentication; I want to be able to run the distcc client on
a shared user machine and be relatively sure the person doing it is
authorised because they have the passphrase.

(Even if the servers running distccd were behind a NAT on private
addresses, I'd still be paranoid because there have historically been
ways to get around that, remember the spoof the FTP session trick that
let you get through Linux firewalls?)

Martin pointed out I could probably do all of this with rsh, which I
hadn't thought of. Silly me :) I'll look into that, but what I have
works for now.