g+
g+ Communities
Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014 
<== Date ==> <== Thread ==>

Subject: Re: Using CAJ in production
From: Andrew Johnson <anj@aps.anl.gov>
To: tech-talk@aps.anl.gov
Cc: "Shankar, Murali" <mshankar@slac.stanford.edu>, Matej Sekoranja <matej.sekoranja@cosylab.com>
Date: Mon, 3 Dec 2012 11:51:55 -0600
Hi Lewis,

On 2012-12-03 J. Lewis Muir wrote:
> Would you be willing to change the default behavior to act as if the
> CAJ_STRIP_HOSTNAME system property had been set to true?  If the
> underlying implementation is broken and returns an FQDN where it should
> not, and if you don't do anything to correct that in CAJ, then CAJ will
> be using a hostname that will not work with Access Security.  No one
> wants that.

IMHO CAJ should try to provide the IOC/server with exactly the same name that 
the C++ CA client library gives when run on that machine, which could be the 
short name, a FQDN or even some intermediate name.  Where the name comes from 
can vary with different OSs, different versions of the C run-time library, and 
may depend on what's in the machine's /etc/hosts file or even host its DNS 
service is configured.

It looks like the C++ library gets the name using the class localHostName in 
src/ca/localHostName.cpp which calls the C run-time library's gethostname() 
function.  On Linux that apparently returns the node-name from uname(2), but 
other OSs may implement it differently.  Read the NOTES to the RHEL manpages 
on uname(2) for a discussion about the node-name field.

Note that shortening the name could have security implications at some sites, 
so I don't like the idea of doing that inside the CAJ implementation.  If both 
CA libraries /can/ be made to return the same name then at least an IOC's 
access security file only needs one name per host, but you can always list 
both names in the HAG if Java doesn't provide access to the gethostname() 
function.

- Andrew
-- 
Computer science is as much about computers as astronomy is about
telescopes. -- Edsger Dijkstra

Replies:
Re: Using CAJ in production J. Lewis Muir
References:
Using CAJ in production Shankar, Murali
Re: Using CAJ in production Matej Sekoranja
Re: Using CAJ in production J. Lewis Muir

Navigate by Date:
Prev: Re: Using CAJ in production J. Lewis Muir
Next: Re: mask for bitwise operation in CALC record Andrew Johnson
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014 
Navigate by Thread:
Prev: Re: Using CAJ in production J. Lewis Muir
Next: Re: Using CAJ in production J. Lewis Muir
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· EPICSv4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·