introduction to the Performance Co-Pilot (PCP)
SECURE PMCD CONNECTIONS
Since PCP version 3.6.11, a monitor can explicitly request a
secure connection to a collector host running pmcd(1) or
pmproxy(1) using the PM_CTXFLAG_SECURE context flag. If the PCP
Collector host supports this feature - refer to the
pmcd.feature.secure metric for confirmation of this - a TLS/SSL
(Transport Layer Security or Secure Sockets Layer) connection can
be established which uses public key cryptography and related
techniques. These features aim to prevent eavesdropping and data
tampering from a malicious third party, as well as providing
server-side authentication (confident identification of a server
by a client) which can be used to guard against man-in-the-middle
attacks.
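A monitor-side check of the pmcd.feature.secure metric mentioned above, as an added example that is not part of PCP or its documentation. It assumes the metric reports 1 when the feature is available and that `pminfo -f` prints a `value` line under the metric name; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not PCP's own code: fail-closed check of pmcd.feature.secure.

# Constructed samples of `pminfo -f pmcd.feature.secure` output.
SAMPLE_OK='
pmcd.feature.secure
    value 1'
SAMPLE_OFF='
pmcd.feature.secure
    value 0'
# Constructed error text, e.g. a collector that lacks the metric.
SAMPLE_ERR='Error: pmcd.feature.secure: Unknown metric name'

# secure_supported (hypothetical helper): reads pminfo output on stdin.
# Returns 0 only when the metric name is followed by "value 1" (assumed to
# mean "supported"). Value 0, error text and empty input all return 1, so
# a collector that cannot confirm support is treated as not supporting it.
secure_supported() {
    awk '
        $1 == "pmcd.feature.secure" { seen = 1; next }
        seen && $1 == "value"       { val = $2; exit }
        END { exit !(seen && val == 1) }
    '
}

# check_collector (hypothetical helper): query a live collector host.
# stderr is folded into the pipe so that a failed or missing pminfo also
# ends up in the "not supported" branch.
check_collector() {
    host=$1
    if pminfo -h "$host" -f pmcd.feature.secure 2>&1 | secure_supported; then
        echo "$host: secure connections supported"
    else
        echo "$host: secure support not confirmed, not connecting" >&2
        return 1
    fi
}
```

The metric only tells the monitor what to expect from the collector; identification of the server still comes from the certificate check performed on the secure connection itself.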
A secure pmcd connection requires use of certificate-based
authentication. The security features offered by pmcd and
pmproxy are implemented using the Network Security Services (NSS)
APIs and utilities. The NSS certutil tool can be used to create
certificates suitable for establishing trust between PCP monitor
and collector hosts.
A complete description is beyond the scope of this document;
refer to the PCP ENVIRONMENT, FILES and SEE ALSO sections for
detailed information. This includes links to tutorials on the
steps involved in setting up the available security features.