Appendix C. 411 Secure Information Service Internals

Table of Contents
C.1. Using the 411 Service
C.2. Structure
C.3. 411 Groups
C.4. Plugins
C.5. 411get Configuration File
C.6. Commands
C.6.1. 411get
C.6.2. 411put

The 411 Secure Information Service provides NIS-like functionality for Rocks clusters. It is named after the common "411" code for information in the phone system. We use 411 to securely distribute password files, user and group configuration files and the like.

411 uses Public Key Cryptography to verify file contents, and shared key cryptography to protect transport. It operates on a file level, rather than the RPC-based per-line maps of NIS. 411 does not rely on RPC, and instead distributes the files themselves using HTTP (web service). Its central task is to securely maintain critical login/password files on the worker nodes of a cluster. It does this by implementing a file-based distributed database with weak consistency semantics. The design goals of 411 include scalability, security, low-latency when changes occur, and resilience to failures.