This fast track times out today. Does anyone need more time, or are we converging here?
-- mark tim szeto wrote: > > > Gary Winiger wrote: >>> Summary of the concerns and proposed solutions for the PSARC 2007/414: >>> >>> Concern: Does clear text CHAP secret provides enough security? >>> >> >> I'm going to leave this one for now to get a feeling of others. >> >> >>> Concern: The iSCSI target manifest does not comply with SMF >>> authorization. >>> Proposal: >>> -We will add action_authorization and value_authorization to >>> the manifest to make >>> it SMF authorization compliant. >>> >> >> Good. Is there an updated spec showing this? > I updated the scf_design doc with a section on "Iscsi Target RBAC > authorization". >> Some how, I've >> missed the FMRI and man pages documenting it. Shouldn't this >> turn iscsitadm into being completely authorization driven? ;-) >> > No authorization is needed for iscsitadm, the cli sends the request to > the daemon and > the daemon verify the user credential. I don't think update to the > man page is needed. >> It would be nice to see the updated man page. >> >> >>> Issues: >>> -The CHAP secret will be put back after PSARC 2007/177 is >>> putback. The PSARC 2007/414 will >>> cover the putback of the CHAP secret at a later time, and no >>> additional case is needed. >>> >> >> I'm not sure how to read this. Is this accepting a case dependency >> on 2007/177? Or is it saying that a two phase project is being >> requested. Phase 1 without CHAP, phase 2 after 177 with CHAP. >> > We are requesting to make this a 2 phase project, and we will provide > all the documents to > address both phases. The 2nd phase will accept the 2007/177 dependency. > >> Gary.. >>
