Remote Management

Power Manager supports remote management over the network. Remote management allows users on distant computers to monitor and alter Power Manager.

This ability is particularly useful for system administrators and for those managing computers that are difficult to physically reach.

Remote management can be enabled and disabled using the Power Manager application. The Allow Remote Management menu item controls the default connection settings.

Enable remote management using the application:

  1. Launch Power Manager.
  2. Enable (check) the Scheduler > Allow Remote Management menu item.

Disable remote management using the application:

  1. Launch Power Manager.
  2. Disable (uncheck) the Scheduler > Allow Remote Management menu item.

Customising Remote Management

By default, the user interface sets up a single network socket listening to all interfaces on a system provided port. The default network socket is advertised via Bonjour/Zero-Config.

The default socket’s unique identifier is uk.co.dssw.powermanager.systempreference.remote-management. You should avoid altering sockets whose name begins with uk.co.dssw.powermanager. This namespace is reserved for use by Power Manager’s graphical and command line tools.

Power Manager can be set up to listen to more than one network socket.

You can add additional sockets for remote management using the command line pmctl tool, or with an AppleScript script.

Creating a socket

To create a remote management socket with a fixed port number, such as 31234, which listens on all network interfaces, use these commands:

cd '/Applications/Power Manager.app/Contents/Tools'
./pmctl listen.applysocket 'unique ID=Fixed' 'port=31234'

Remote management is provided by the Listen API object. The Listen object provides an interface for creating (listen.applysocket), listing (listen.sockets), and removing (listen.removesocket) network sockets.

The listen.applysocket command accepts a range of parameters. The parameters are all optional. Power Manager will choose a suitable default for each missing parameter.

The command above creates a listening socket on port 31234 with the unique identifier Fixed.

Omitting the port parameter will create a socket with an operating system assigned port.

Listing the socket details

To check the socket has been created and is listening, issue the commands below:

./pmctl listen.sockets
[{"port"=>31234.000000,"protocol family"=>"IPv4","state"=>"listening","unique ID"=>"Fixed","URLs"=>["pm://Mac-Pro.local:31234"]}]

The command’s response lists every listening socket, along with information such as the name, port number, and URL.

You can immediately start using your new socket.

Remove the socket

To remove a remote management socket, issue the commands below:

./pmctl listen.removesocket 'unique ID=Fixed'

The listen.removesocket command removes the socket with the provided unique identifier.

How Connections are Secured

Remote management connections are secure. All connections are encrypted using SSL/TLS (Transport Layer Security) industry standard encryption. Authentication and authorisation are provided by Pluggable Authentication Modules (PAM).

Pluggable Authentication Modules (PAM) Support

Power Manager’s PAM configuration is controlled by the PAM configuration file /etc/pam.d/sudo. This file is created and removed as needed.

Power Manager uses the PAM service sudo by default.

Do not alter this PAM configuration file. The default configuration will be ideal for the great majority of environments, and should be left untouched. Changes to the file will be reverted between restarts and updates.

If you are familiar with PAM configuration files, and wish to use alternative modules or configuration settings, this is possible.

To use your own PAM configuration file, create the desired PAM service file and then update Power Manager’s default to match the service file’s name.

You can change the PAM service used, see Defaults and Preferences. The service name is read from the default management.service in the host wide domain uk.co.dssw.powermanager. A restart is recommended after changing this default.

Change the PAM service

sudo defaults write /Library/Preferences/uk.co.dssw.powermanager 'management.service' myservice

Reset the PAM service

sudo defaults delete /Library/Preferences/uk.co.dssw.powermanager 'management.service'

Bonjour Domains

Power Manager advertises across all available Bonjour registration domains. This helps ensure the best experience when trying to locate Power Manager services.

When searching for Power Manager services, the application will search only the .local domain by default. This reduces network traffic but more importantly lists only services which the user is likely to be able to access.

Attempting to connect to services beyond the .local domain is likely to fail. Routers and other network devices may block required ports and otherwise limit access. Power Manager services may be visible through Bonjour but not accessible.

Searching beyond .local is possible by enabling Search all domains in the network services window. This option respects the forced default behaviour and will be hidden automatically if the user can not change the underlying DSSWPMAKServicesDefaultWideDomains default, see Defaults and Preferences.