On 2/9/06, Alan Altmark <[EMAIL PROTECTED]> wrote: > It's a design philosophy. Displaying the access list for a VSWITCH is > difficult if it is a combination of GRANTs plus NICDEFs. We don't want to > search the directory every time someone does a QUERY. And displaying an
I figured the design was broken rather than the code, otherwise I would have tried a PMR against it. I fear Chuckie has been smoking the same stuff as Miguel... The need for a QUERY is not obvious to me. What's the benefit of being able to tell what other servers could connect to the same network as you did ? The only purpose now is to check the superfluous GRANT. Network design needs some careful planning anyway and now you have the same people define the same aspect in different places. Yes, the way I see it when you drop your NIC you can COUPLE that one again to the LAN defined in the directory - only that one. I warned against the risk of DoS with Guest LAN and that was not fixed with the VSWITCH. Sure, access control through the CP directory (and passwords) is different from using an ESM and it should be. With an ESM you can separate functions and manage your access control much better. When the CP directory is the only control, then it is unwise to force the adminstrator to define the same thing in two different places because that causes stale authorisations. Rob -- Rob van der Heij Velocity Software, Inc ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
