Gary Winiger wrote: >> Summary of the concerns and proposed solutions for the PSARC 2007/414: >> >> Concern: Does clear text CHAP secret provides enough security? >> > > I'm going to leave this one for now to get a feeling of others. > > >> Concern: The iSCSI target manifest does not comply with SMF authorization. >> Proposal: >> -We will add action_authorization and value_authorization to the >> manifest to make >> it SMF authorization compliant. >> > > Good. Is there an updated spec showing this? I updated the scf_design doc with a section on "Iscsi Target RBAC authorization". > Some how, I've > missed the FMRI and man pages documenting it. Shouldn't this > turn iscsitadm into being completely authorization driven? ;-) > No authorization is needed for iscsitadm, the cli sends the request to the daemon and the daemon verify the user credential. I don't think update to the man page is needed. > It would be nice to see the updated man page. > > >> Issues: >> -The CHAP secret will be put back after PSARC 2007/177 is putback. >> The PSARC 2007/414 will >> cover the putback of the CHAP secret at a later time, and no >> additional case is needed. >> > > I'm not sure how to read this. Is this accepting a case dependency > on 2007/177? Or is it saying that a two phase project is being > requested. Phase 1 without CHAP, phase 2 after 177 with CHAP. > We are requesting to make this a 2 phase project, and we will provide all the documents to address both phases. The 2nd phase will accept the 2007/177 dependency.
> Gary.. >
