-
Notifications
You must be signed in to change notification settings - Fork 452
RpcAuth
The BOINC core client typically is controlled by the BOINC Manager running on the same machine:
The two programs communicate over a local connection, using 'GUI RPC' (Graphical User Interface Remote Procedure Call). It's also possible to use the BOINC Manager to control a core client on a different host:
You can use add-on programs such as BOINCView to control many BOINC clients at once:
Since GUI RPCs can control the BOINC client (e.g. attaching/detaching projects) it is important to protect your BOINC client from unauthorized control. There are two levels of protection:
- GUI RPCs are authenticated with a GUI RPC password. This is stored with the client in the file gui_rpc_auth.cfg. When BOINC first runs, it generates a long, random password. You can change it if you like.
- You can specify a set of hosts from which RPCs are allowed. By default, RPCs are allowed only from the same host.
A GUI RPC is handled only if it passes both levels of protection.
By default the core client accepts GUI RPCs only from the same host. You can allow remote hosts to control a core client in two ways:
- If you run the client with the
--allow_remote_gui_rpc
command line option, it will accept connections from any host (subject to password authentication). - You can create a file remote_hosts.cfg in your BOINC Data directory containing a list of allowed DNS host names or IP addresses (one per line). Only these hosts will be able to connect. The remote_hosts.cfg file can also have comment lines that start with either a # or a ; character.
If you have a remote_hosts.cfg file but also start the client with --allow_remote_gui_rpc, the file will be ignored, and any host will be allowed to connect.