Peter Memishian writes:
> > I'm cc'ing networking-discuss for a bigger discussion. What characters
> > should be allowed for secure object names?
>
> As hinted at by the dladm manpage, the intent was to start with a fairly
> restrictive set (the alphanumerics) and then broaden as necessary.
> Unfortunately, it seems that the implementation did not impose this
> restriction and thus we've got the current mess.
>
> Given that the secobj stuff is still (relatively speaking) new, I'd
> recommend we introduce the restrictions now, ideally in DLDIOC_SECOBJ_SET.
> Specifically, I'd recommend we allow the alphanumerics, along with "_",
> and perhaps "." if it's useful. In the interest of stamping out a class
> of bugs we're already aware of, I'd discourage allowing whitespace
> characters. I'd also discourage the use of ":", as that character has
> special meaning to dladm connect-wifi's -k parameter.

Unfortunately, NWAM has always automatically generated 'secobj' names,
and it's done so for quite a while -- excluding only ':' from the
strings it generates, and relying on '-' and '.' pretty heavily ('-'
as a separator, and '.' as a replacement for ':').

I'm not sure why (technically) the names need to be restricted, but if
we're going to do that, then we'll have to cook up some way of "fixing"
any keys that people already have so that they have acceptable names,
and so that applications can still find them after upgrade.

For SXCE, that means familiar class action and BFU updates (and a flag
day, since you can't go back without misplacing your keys[1]), but
most instances of the problem are likely with OpenSolaris (where NWAM
is the default), and that has no clear mechanism for dealing with
upgrade-related scripting.

I think we need to get help from the Indiana IPS folks for this.
Should 'dlmgmtd' seek these things out and fix them or do we need
something else?

1. Maybe this should be called a "senior moment" day. ;-}

--
James Carlson, Solaris Networking <[EMAIL PROTECTED]>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
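
The character restriction proposed in the quoted text and the renaming problem raised in the reply, shown together as an added C sketch (not code from dladm, dlmgmtd or NWAM, and not part of the original message). The function names, the 32-character limit and the '_' replacement rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SECOBJ_NAME_MAX 32	/* assumed limit for this sketch only */

/* 1 if c is in the proposed set: ASCII alphanumerics, '_', optionally '.' */
static int
secobj_char_ok(unsigned char c, int allow_dot)
{
	return ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
	    (c >= '0' && c <= '9') || c == '_' || (allow_dot && c == '.'));
}

/* Allowlist check a set operation could apply before storing a name. */
int
secobj_name_ok(const char *name, int allow_dot)
{
	size_t i, len;

	if (name == NULL || (len = strlen(name)) == 0 || len > SECOBJ_NAME_MAX)
		return (0);
	for (i = 0; i < len; i++) {
		if (!secobj_char_ok((unsigned char)name[i], allow_dot))
			return (0);
	}
	return (1);
}

/*
 * Upgrade helper: copy old into out, replacing each rejected character
 * with '_'. Returns 0 if unchanged, 1 if rewritten, -1 if unusable.
 * Distinct old names can map to one new name, so callers must check
 * the result against names already present before renaming.
 */
int
secobj_name_migrate(const char *old, char *out, size_t outlen, int allow_dot)
{
	size_t i, len;
	int changed = 0;

	if (old == NULL || out == NULL || (len = strlen(old)) == 0 ||
	    len > SECOBJ_NAME_MAX || len >= outlen)
		return (-1);
	for (i = 0; i < len; i++) {
		unsigned char c = (unsigned char)old[i];
		out[i] = secobj_char_ok(c, allow_dot) ? (char)c : '_';
		changed |= (out[i] != old[i]);
	}
	out[len] = '\0';
	return (changed);
}
```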