2008/525 ikeadm token login
Paul Wernau
Paul.Wernau at sun.com
Fri Aug 15 10:01:13 PDT 2008
James Carlson wrote:
> Bill Sommerfeld writes:
>> I'm sponsoring this fasttrack for Paul Wernau. Timer expires on
>> 8/22/2008. Release binding is Patch/Micro. The new ikeadm and ikecert
>> subcommands, options, and associated behavior have a Committed stability
>> level.
> [...]
>> ikecert(1m) will be changed so that the pin is not stored in the clear
>> on disk unless the -p option is given.
>
> Isn't this (changing the default way the pin is stored) an
> incompatible change?
>
> That seems like a reasonable and good change for Minor or higher, but
> why do this in a patch?
>
Hmmm, I had queried the IPsec team about the very same question and we
had decided collectively that this is probably an exceptional case (if
the feature existed before, it would have been done that way.) I
actually would like Bill Sommerfeld or Dan McDonald to weigh in with
their opinion as I am kind of on the fence about this particular issue.
-Paul
More information about the opensolaris-arc
mailing list