Hi William,
Thank you.
We have a relatively large number of user that are allowed to add
profiles. Looks like I'll need to create a wrapper to require
a restrictive (MAC) criteria.
- Tom
On Monday, 25 July 2011 at 06:44, William Schumann wrote:
> On 07/22/11 08:21 PM, Tom Warner wrote:
> >Hello Caimanaters,
> Hi, Tom.
> >Is there a way to "opt out" or only allow specific criteria constrained
> >profiles
> >to be associated with a client.
> >
> >The man for installadm says that "Profiles created without criteria are
> >associated
> >with all clients of the service."
> As such, no, not yet through installadm. There is no way to express "do not
> apply this profile in this instance".
>
> It seems logical to be able to express criteria with 'not' as an
> extension to the criteria option on the installadm command line:
> e.g. MAC~= a:a:a:a:a:a, but it is not presently available.
>
> One possible workaround: identify specific properties that are not
> to be applied globally, separating them into different profile
> files, and selectively run 'create-profile' with '-c <criteria>' to
> apply the 'non-global' properties.
>
> Another workaround would involve:
> - deleting any profiles without criteria ("global" profiles), and
> - identifying criteria that exclude systems in question, and run
> create-profile, specifying those criteria with '-c <criteria>'
> For example, if there were different networks for testing and live,
> profiles could be created with different properties applied
> according to network. The most basic technique would be to always
> use MAC address as criteria, since it is unique.
>
> Another limited and non-automatic workaround would be to temporarily
> delete a global profile until the system in question received its
> profiles.
>
> (Note that the System Configuration Tool will be run upon first boot for any
> system receiving no profiles at all.)
>
> William
_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
