SCF changes for iSCSI Target [PSARC/2007/414 FastTrack timeout 07/31/2007]
Mark A. Carlson
Mark.Carlson at sun.com
Tue Aug 7 10:38:25 PDT 2007
This fast track times out today. Does anyone need more time,
or are we converging here?
-- mark
tim szeto wrote:
>
>
> Gary Winiger wrote:
>>> Summary of the concerns and proposed solutions for the PSARC 2007/414:
>>>
>>> Concern: Does clear text CHAP secret provides enough security?
>>>
>>
>> I'm going to leave this one for now to get a feeling of others.
>>
>>
>>> Concern: The iSCSI target manifest does not comply with SMF
>>> authorization.
>>> Proposal:
>>> -We will add action_authorization and value_authorization to
>>> the manifest to make
>>> it SMF authorization compliant.
>>>
>>
>> Good. Is there an updated spec showing this?
> I updated the scf_design doc with a section on "Iscsi Target RBAC
> authorization".
>> Some how, I've
>> missed the FMRI and man pages documenting it. Shouldn't this
>> turn iscsitadm into being completely authorization driven? ;-)
>>
> No authorization is needed for iscsitadm, the cli sends the request to
> the daemon and
> the daemon verify the user credential. I don't think update to the
> man page is needed.
>> It would be nice to see the updated man page.
>>
>>
>>> Issues:
>>> -The CHAP secret will be put back after PSARC 2007/177 is
>>> putback. The PSARC 2007/414 will
>>> cover the putback of the CHAP secret at a later time, and no
>>> additional case is needed.
>>>
>>
>> I'm not sure how to read this. Is this accepting a case dependency
>> on 2007/177? Or is it saying that a two phase project is being
>> requested. Phase 1 without CHAP, phase 2 after 177 with CHAP.
>>
> We are requesting to make this a 2 phase project, and we will provide
> all the documents to
> address both phases. The 2nd phase will accept the 2007/177 dependency.
>
>> Gary..
>>
More information about the opensolaris-arc
mailing list