[Cluster-devel] conga/luci/docs user_manual.html

Mon Jan 15 19:46:06 UTC 2007

CVSROOT:	/cvs/cluster
Module name:	conga
Changes by:	jparsons at sourceware.org	2007-01-15 19:46:05

Modified files:
	luci/docs      : user_manual.html 

Log message:
	user manual updates for cert ui, parte un

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/docs/user_manual.html.diff?cvsroot=cluster&r1=1.10&r2=1.11

--- conga/luci/docs/user_manual.html	2007/01/15 16:00:48	1.10
+++ conga/luci/docs/user_manual.html	2007/01/15 19:46:05	1.11
@@ -109,7 +109,7 @@
   module support to filter and retrieve log entries. <p/> 
   To add a system, click on the Add a System link in the left hand navigation
   table. This will load the following page: 
-  <img src="./ss_homebase2.png"/><br/>
+  <img src="./addsys_11.png"/><br/>
   <b>Figure #3: Add a System</b>
   <p/>
   <p/>
@@ -120,18 +120,44 @@
   one additional entry row has been provided, a checkbox is also made available
   that can be selected if all systems specified for addition to the luci server
   share the same password. 
-  <img src="./ss_homebase3.png"/><br/>
+  <img src="./addsys_22.png"/><br/>
   <b>Figure #4: Multiple System Entries</b>
   <p/>
   <p/>
   If the System Hostname is left blank for any row, it is disregarded when the
-  list of systems is submitted for addition. If systems in the list of rows do
+  list of systems is submitted for addition. If the user wishes to delete a 
+  row for any reason, the icon at the far right of the row (that resembles 
+  rows in a table with an 'x') can be clicked. If systems in the list of rows do
   NOT share the same password (and the checkbox is, of course, left unchecked)
   and one or more passwords are incorrect, an error message is generated for
   each system that has an incorrect password. The systems listed with correct
   passwords are added to the luci server. In addition to incorrect password
   problems, an error message is also displayed if luci is unable to connect to
-  the ricci agent on a system. Finally, if a system is entered on the form for
+  the ricci agent on a system. 
+  <p/>
+  For most typical datacenter deployments of conga, the luci server will
+  reside on a system within the confines of the datacenter network, and 
+  the datacenter systems can pretty safely be assumed to be trustworthy.
+  If a luci server is used to connect to systems across the open internet,
+  the user <i>could</i> be vulnerable to a form of security assault known
+  as the 'Man in the Middle' attack; wherein a hostile party spoofs the 
+  hostname or ip adress of a system to be added to a luci server.
+  <p/>
+  If the user would like to verify the certificate of a ricci agent before 
+  authenticating to it (avoiding a 'Man in the Middle' form of attack), the 
+  checkbox marked <b>Verify system certificates before sending any 
+  passwords</b> should be checked. With this box checked, clicking submit 
+  retrieves the certificate information for all systems listed, and provides 
+  a 'Trust' checkbox for each system. The password for a system will not 
+  be sent without the trust box checked. To add the system or systems,
+  click the 'Trust' checkboxes for each row desited and click submit again.
+   Mousing over the lock icon for 
+  a row entry will display the certificate information for just that system.
+  <p/>
+  <img src="./addsys_33.png"/><br/>
+  <b>Figure #5: Certificate Verification Page</b>
+  <p/>
+  Finally, if a system is entered on the form for
   addition and it is ALREADY being managed by the luci server, the system is not added
   again (but, the administrator is informed via an error message).<p/>
 


