[distcc] Proposed Enhancements/Changes

Fergus Henderson fergus at google.com
Fri Jul 25 13:16:31 GMT 2008

On Fri, Jul 25, 2008 at 4:50 AM, Ian BAKER <ibaker at mail.cern.ch> wrote:

>        "Have you considered using ssh mode for user authentication?"
> For our setup it makes sense to use the GSS-API sitting on top of our
> existing Kerberos security mechanism, we expect this to be faster than SSH

It would be great to quantify that.  How much slower is SSH than
unautenticated distcc?  And how much slowdown would be acceptable for you?

> and has the additional benefits of being transparent to our users

Isn't ssh mode also transparent to users?  The only user-visible differences
  - the need for the right .ssh config files (distcc could be modified to
create them automatically if you don't have them)
  - the @s in DISTCC_HOSTS

> and circumvents having to specify the users that can access the hosts.

Hmm, yes.  But most medium or large sites are using LDAP or NIS or something
like that so that you don't have have to specify that on each host.  I guess
you're using Kerberos for that.  Without knowing much of the details of
that, I'm wondering why you couldn't use Kerberos authentication for logins,
but you can use it for distcc authentication.

I'm just pushing back a bit here because if the only real reason to not use
ssh mode for this is performance, then I'd like to quantify the performance

       "That sounds like a good idea. But I would like to hear more
>         about the details."
> Essentially, we are planning to implement specific build platforms and
> would use existing Zeroconf functionality to advertise them in order to
> allow for targeted builds.

What do you mean by "build platform" in the context?
How would a distccd server determine which build platforms it supports?

Fergus Henderson <fergus at google.com>
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the distcc mailing list