On Thu, 2007-03-29 at 05:01, Michael S. Tsirkin wrote: > > > > There's no way to shut down an IB switch port with opensm or any OFED > > > > diags? Yuck... > > > > > > > > Scott > > > > > > Maybe something can be done with the opensm console. > > > > A command could be added for this in the console but there is a separate > > diag command which handles this. > > Taking this topic off the bugzilla thread for now. > > This really must be part of SM I think. > > I think this operation needs to perform set to port attributes, so > doing this from a separate utility would only work with > the most permissive policy which lets everyone get the mkey - > which seems to be what OpenSM is currently using by default, > but not necessarily the best thing for network security. > > Right?
I think it depends on who needs to perform these operations. In a protected subnet, is it every user or the network administrator doing this ? I can imahine a more sophisticated MKey strategy where that might not be sufficient but we are a ways from that world IMO. Also, if I recall correctly, you objected to the OpenSM console being enabled in the build by default on the basis of security concerns with remote access. Currently there are no "write" commands in the console; only "read" ones. Adding "write" commands will require this issue to be fixed first. There are ideas to fix this but it's not happening in the short term. I'm not adverse to heading in this direction but there is more here than meets the "eye". -- Hal _______________________________________________ general mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
