Renee Danson writes: > I think either of these can better address concerns about respecting > the admin's preferred security policy. First, the default locations > may be modified by the user. If the user wants NWAM to always use > static addresses and always block dhcp traffic, the no-net location's > security policy could be modified to enforce that.
If the "no-net" location is in place from the point where the daemon is started (I might have called this "utopia," since it's no location at all ... even if there _is_ a network), then I don't see how there's an issue here. That implies that there's always a user-specified security policy in place -- the user can change the policy specified in "no-net" in order to get any behavior he wants. > For the case where the admin installs a security policy, and is not > aware of what NWAM is trying to do, we should also ensure that neither > of the default (automatic and no-net) NWAM locations will override > existing (user-installed) security policy. That one's less clear to me. I think it depends on how the "location" model actually works in administrative terms. If it's possible for the administrator to set configuration that stands outside of "location" -- and thus is globally present -- then avoiding disruption of that makes sense. If it's not possible to do that, then it's really a matter of telling users that they need to set up the locations they want with the policies they need. I think the system is consistent and predictable either way, and I don't know how to choose among them. (I suspect I slightly prefer the latter, because it means that I don't have to invest time understanding what it means to have two policies composed together and I just need to understand "locations." But maybe that's just me.) > The automatic location > specifies no security policy (allow everything), and the no-net > location would specify policy to block everything except traffic > NWAM believes it needs to do its job; but both should defer to > existing, legacy policy. This of course means that if the user > installs policy that prevents NWAM from doing its job, the network > won't get configured; at that point, it would be up to the admin > who put the security policy in place to decide how they expect the > network to be configured, and modify either the security policy or > the NWAM config as needed to make that happen. I'm still a little confused on how 'legacy' configuration should interact with NWAM-selected policy. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
