PSARC 2007/397 NDMP Service
Darren J Moffat
Darren.Moffat at sun.com
Tue Jul 3 07:36:10 PDT 2007
Mark A. Carlson wrote:
> As far as what the project team needs to do for this release, I think we
> should only require implementation
> of what is already out there (MD5).
I was asking that you add support for tcp wrappers using libwrap to
provide some additional access control. This requires no changes to the
NDMP protocol and doesn't even require any additional admin
functionality in the ndmpadm command, all you need to do is call the
libwrap functions, the config of access control is done in the
/etc/hosts.{allow,deny} files.
> Do you want to derail to document
> the additional security advice in an opinion?
I don't see any value in a derail just to write an opinion document for
this. It seems to me like the project team is aware of the issue and
knows a possible way to progress with the standards group involved. If
you would like technical assistance in doing this I'd be interested in
helping out define improved authentication and transport protection for
NDMP.
--
Darren J Moffat
More information about the opensolaris-arc
mailing list