EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: Using CAJ in production
From: Andrew Johnson <[email protected]>
To: [email protected]
Cc: "Shankar, Murali" <[email protected]>, Matej Sekoranja <[email protected]>
Date: Mon, 3 Dec 2012 11:51:55 -0600

Hi Lewis,

On 2012-12-03 J. Lewis Muir wrote:
> Would you be willing to change the default behavior to act as if the
> CAJ_STRIP_HOSTNAME system property had been set to true?  If the
> underlying implementation is broken and returns an FQDN where it should
> not, and if you don't do anything to correct that in CAJ, then CAJ will
> be using a hostname that will not work with Access Security.  No one
> wants that.

IMHO CAJ should try to provide the IOC/server with exactly the same name that 
the C++ CA client library gives when run on that machine, which could be the 
short name, a FQDN or even some intermediate name.  Where the name comes from 
can vary with different OSs, different versions of the C run-time library, and 
may depend on what's in the machine's /etc/hosts file or even how its DNS 
service is configured.

It looks like the C++ library gets the name using the class localHostName in 
src/ca/localHostName.cpp which calls the C run-time library's gethostname() 
function.  On Linux that apparently returns the node-name from uname(2), but 
other OSs may implement it differently.  Read the NOTES to the RHEL manpages 
on uname(2) for a discussion about the node-name field.

Note that shortening the name could have security implications at some sites, 
so I don't like the idea of doing that inside the CAJ implementation.  If both 
CA libraries /can/ be made to return the same name then at least an IOC's 
access security file only needs one name per host, but you can always list 
both names in the HAG if Java doesn't provide access to the gethostname() 
function.

- Andrew
-- 
Computer science is as much about computers as astronomy is about
telescopes. -- Edsger Dijkstra
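
The following C sketch is an added example, not part of the original message and not EPICS or CAJ code: it prints what gethostname() and uname(2) report on the machine it runs on and checks each name, as given and with the domain stripped, against a constructed HAG host list. The HAG contents, the example hostnames and the exact-string matching rule are assumptions made for illustration.

```c
/* Added example, not EPICS or CAJ code; names and HAG entries are constructed. */
#define _DEFAULT_SOURCE /* exposes gethostname() under strict -std modes */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/utsname.h>

/* Copy name into out with everything from the first '.' onward removed. */
static void strip_domain(const char *name, char *out, size_t outlen)
{
    size_t n = strcspn(name, ".");
    if (n >= outlen) n = outlen - 1;
    memcpy(out, name, n);
    out[n] = '\0';
}

/* Assumption: a HAG entry matches only on an exact string compare. */
static int hag_match(const char *name, const char *const *hag, size_t count)
{
    for (size_t i = 0; i < count; i++)
        if (strcmp(name, hag[i]) == 0) return 1;
    return 0;
}

/* Constructed HAG contents: one short name, one FQDN. */
static const char *const sample_hag[] = { "opi1", "opi2.controls.example" };
#define SAMPLE_HAG_LEN (sizeof sample_hag / sizeof sample_hag[0])

/* Report whether a client-supplied name matches as given and when shortened. */
static void report(const char *label, const char *name)
{
    char shortname[256];
    strip_domain(name, shortname, sizeof shortname);
    printf("%-14s %-26s as-is:%d stripped(%s):%d\n", label, name,
           hag_match(name, sample_hag, SAMPLE_HAG_LEN), shortname,
           hag_match(shortname, sample_hag, SAMPLE_HAG_LEN));
}

int main(void)
{
    char host[256] = "";
    struct utsname u;
    if (gethostname(host, sizeof host - 1) == 0) report("gethostname()", host);
    if (uname(&u) == 0) report("uname nodename", u.nodename);
    /* Constructed names: hosts in two different domains share one short name. */
    report("constructed", "opi1.controls.example");
    report("constructed", "opi1.guest.example");
    return 0;
}
```

In the constructed cases both FQDNs match the short entry "opi1" once stripped, while the FQDN-only entry stops matching a stripped name, which is why the form of name the client library sends has to agree with what the access security file lists.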

Replies:
Re: Using CAJ in production J. Lewis Muir
References:
Using CAJ in production Shankar, Murali
Re: Using CAJ in production Matej Sekoranja
Re: Using CAJ in production J. Lewis Muir

ANJ, 18 Nov 2013