wiki:RpcAuth

Version 6 (modified by Nicolas, 17 years ago) (diff)

Removed redundant subtitle

Controlling BOINC remotely

The BOINC core client typically is controlled by the BOINC Manager? running on the same machine:

http://boinc.berkeley.edu/gui_auth.png

The two programs communicate over a local connection, using 'GUI RPC' (Graphical User Interface Remote Procedure Call). It's also possible to use the BOINC Manager to control a core client on a different host:

http://boinc.berkeley.edu/gui_auth2.png

You can use add-on programs such as BOINCView to control many BOINC clients at once:

http://boinc.berkeley.edu/gui_auth3.png

Access control for GUI RPC

Since GUI RPCs can control the BOINC client (e.g. attaching/detaching projects) it is important to protect your BOINC client from unauthorized control. There are two levels of protection:

  • GUI RPCs are authenticated with a GUI RPC password. This is stored with the client in the file gui_rpc_auth.cfg. When BOINC first runs, it generates a long, random password. You can change it if you like.
  • You can specify a set of hosts from which RPCs are allowed. By default, RPCs are allowed only from the same host.

A GUI RPC is handled only if it passes both levels of protection.

Allowing RPCs from remote hosts

By default the core client accepts GUI RPCs only from the same host. You can allow remote hosts to control a core client in two ways:

  • If you run the client with the --allow_remote_gui_rpc command line option, it will accept connections from any host (subject to password authentication).
  • You can create a file remote_hosts.cfg in your BOINC directory containing a list of allowed DNS host names or IP addresses (one per line). Only these hosts will be able to connect. The remote_hosts.cfg file can also have comment lines that start with either a # or a ; character.

If you have a remote_hosts.cfg file but also start the client with --allow_remote_gui_rpc, the file will be ignored, and any host will be allowed to connect.

Attachments (3)

Download all attachments as: .zip