WARNING: This is only an alpha version

Distributed network administration support
---------------------------------------------

1. INTRODUCTION

There are two programs: a client and a server.
You can use them for distributed administration, similar to Windows domains.

The server runs on the job-server host,
and the client runs on each workstation.

When you want to make some changes locally (for example, add some ACL rights),
you must run the appropriate utility (e.g. acl_grant ...).
But when you want to do this on many stations, you can run the utility
through the special r-job client (e.g. r-job server.com acl_grant ...). The job
will then be added to the global job list and applied to each station listed in
the client-list.

Stations can update whenever they want simply by running the rsbac-net utility
(e.g. from cron). So if a station was turned off, it is no problem to apply
all the settings you made during that time.

2. FILES

./clients-list - list of stations for the server
/tmp/rsbac-jobs~ - list of jobs for each station in the list

3. PROGRAMS

r-jobd	-	jobs-server

some clients:

3.1 NETADMIN

Example of distributed administration tools

r-job	-	add and run a job
r-job+	-	full command support (useful for debugging)
r-jobc	-	only get jobs (useful for cron)
r-joba	-	only add jobs (if you don't want to run them on the local host)
r-joba-station	-	add a job to the selected station

3.2 RMONITOR

Example of station monitoring program

ragent   -	R-JOB agent on station
rmonitor - 	monitor


4. AUTHENTICATION SCHEME

==============================================================================================
1. Check IP-address in ./client-list
2. RSA based certificates
3. Diffie-Hellman key exchange
			<-->
After this stage both client and server have a per-session key
and encrypt all traffic with it.

4. PAM checking for password

===============================================================================================
Note: You need to run the getkeys program to create certificates before use.

5. PROTOCOL

1. Authentication
2. Client sends command
3. Client sends data for command if needed
4. Client sends additional data for command if needed
5. Server sends a response if needed


There are several access levels for these commands. You define the level in
the station list file (named ./client-list by default). A level is applied to
each station in the list.

A station needs a level greater than or equal to the command's access level.

Available commands and their current access levels:

minimum level:
--
GET_ONLY_COMMAND	get current jobs for client's station
GET_ONLY_WARRANTY_COMMAND "with warranty" mode for previous command

LIST_STATION_COMMAND	get list of available stations (client-list)

medium 1 level:
----
ADD_ONLY_MINE_COMMAND   add new job to myself
ADD_ONLY_COMMAND 	add new job to all stations
GET_AND_ADD_COMMAND 	add new job to all stations and get current jobs for this station
GET_AND_ADD_WARRANTY_COMMAND "with warranty" mode for previous command

medium 2 level:
------
PEEK_ONE_STATION_COMMAND     - see job-list for selected station
ADD_ONLY_ONE_STATION_COMMAND - add new job to selected station
GET_ONLY_ONE_STATION_COMMAND - get current jobs for selected station

high level:
--------
CLEAN_COMMAND		remove all jobs for all stations
CLEAN_ONE_STATION_COMMAND    - remove all jobs for the selected station

STOP_SERVER_COMMAND 	stop server
PAUSE_SERVER_COMMAND	pause server
RESUME_SERVER_COMMAND	resume server

ADD_STATION_COMMAND 	add new station to stations' list
DEL_STATION_COMMAND 	remove station from stations' list
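
The level check described above, as an added example (not code from r-jobd).
The one-station-per-line "<ip> <level>" list format, the numeric values 0-3 for
the four levels, and the names station_level, authorize and SAMPLE_LIST are
assumptions. Unlisted stations, malformed entries and unknown commands are denied.

```c
#include <stdio.h>
#include <string.h>

/* Tiers are from the README; the numeric encoding is an assumption. */
enum level { LVL_NONE = -1, LVL_MIN, LVL_MEDIUM1, LVL_MEDIUM2, LVL_HIGH };
static const struct { const char *name; enum level need; } commands[] = {
    {"GET_ONLY_COMMAND", LVL_MIN}, {"GET_ONLY_WARRANTY_COMMAND", LVL_MIN},
    {"LIST_STATION_COMMAND", LVL_MIN},
    {"ADD_ONLY_MINE_COMMAND", LVL_MEDIUM1}, {"ADD_ONLY_COMMAND", LVL_MEDIUM1},
    {"GET_AND_ADD_COMMAND", LVL_MEDIUM1}, {"GET_AND_ADD_WARRANTY_COMMAND", LVL_MEDIUM1},
    {"PEEK_ONE_STATION_COMMAND", LVL_MEDIUM2}, {"ADD_ONLY_ONE_STATION_COMMAND", LVL_MEDIUM2},
    {"GET_ONLY_ONE_STATION_COMMAND", LVL_MEDIUM2},
    {"CLEAN_COMMAND", LVL_HIGH}, {"CLEAN_ONE_STATION_COMMAND", LVL_HIGH},
    {"STOP_SERVER_COMMAND", LVL_HIGH}, {"PAUSE_SERVER_COMMAND", LVL_HIGH},
    {"RESUME_SERVER_COMMAND", LVL_HIGH},
    {"ADD_STATION_COMMAND", LVL_HIGH}, {"DEL_STATION_COMMAND", LVL_HIGH},
};

/* Find a station's level in list text of the assumed form "<ip> <level>", one
   per line. Malformed lines are skipped; unlisted or out-of-range => LVL_NONE. */
static enum level station_level(const char *list, const char *ip) {
    char line[128], addr[64], extra;
    int lvl;
    while (*list) {
        size_t n = strcspn(list, "\n");
        if (n < sizeof line) {
            memcpy(line, list, n);
            line[n] = '\0';
            /* exactly two fields: a third token makes sscanf return 3 */
            if (sscanf(line, "%63s %d %c", addr, &lvl, &extra) == 2 && strcmp(addr, ip) == 0)
                return (lvl >= LVL_MIN && lvl <= LVL_HIGH) ? (enum level)lvl : LVL_NONE;
        }
        list += n + (list[n] == '\n');
    }
    return LVL_NONE;
}

/* Returns 1 only when the station is listed and its level >= the command's. */
int authorize(const char *list, const char *ip, const char *cmd) {
    enum level have = station_level(list, ip);
    if (have == LVL_NONE) return 0;
    for (size_t i = 0; i < sizeof commands / sizeof commands[0]; i++)
        if (strcmp(commands[i].name, cmd) == 0)
            return have >= commands[i].need;
    return 0; /* unknown command: fail closed */
}

/* Constructed sample list (documentation-range addresses). */
static const char SAMPLE_LIST[] = "192.0.2.10 0\n192.0.2.20 2\n192.0.2.30 3\n192.0.2.40 9\n";
int main(void) { printf("%d\n", authorize(SAMPLE_LIST, "192.0.2.20", "STOP_SERVER_COMMAND")); return 0; }
```
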


6. CONFIGURATION FILES

./rjob.conf - main configuration file for rjobd. Many options are available there.
See an example config file below:

--------------------------:x--------------
#
#example of config file for rjobd
#

#All activity goes here
  activity_log:  /tmp/rjob.log

#All error messages
  error_log: /tmp/rjob.err    

#Pattern for job
  job_name: /tmp/rjob~

#Path for allowed station's list
  station_list: ./client-list
--------------------------:x--------------

You also need an /etc/pam.d/rjob file for PAM authentication. See an example
of this file below (note that the nullok option accepts accounts with an
empty password):
--------------------------:x--------------
#%PAM-1.0
auth       required	pam_nologin.so
auth       required	pam_pwdb.so shadow nullok
account    required	pam_pwdb.so
session    required	pam_pwdb.so

--------------------------:x--------------

P.S. 
    You can also use this program for all types of jobs (e.g. useradd, mkdir)
    And for your BOSS too :))))))


Enjoy, find bugs and send bug reports to me.
--------------

Stanislav Ievlev
<inger@linux.ru.net>