> 2.0 Project Summary
> 2.1 Project Description
>
> This project introduces the package of Openwsman 2.1.0
> into the SFW consolidation.

I'm confused here about a number of things.

* Is this a service and therefore needing to be controlled by SMF? I see what looks like a possible mention of a service manifest, but no mention of an FMRI, method context, administrative authorizations, Rights Profiles, properties such as local_only, .... I'd expect the man page to discuss at least the FMRI, Rights Profiles and properties.

* The man page states: "openwsmand service can be started only by a privileged user." In the light of Solaris Privileges, SMF and RBAC what does this mean?

* The Check List says this project uses PAM and the man page shows:

    /etc/pam.d/openwsman:
    #%PAM-1.0
    auth required pam_unix2.so nullok
    auth required pam_nologin.so
    account required pam_unix2.so
    password required pam_pwcheck.so nullok
    password required pam_unix2.so nullok use_first_pass use_authtok
    session required pam_unix2.so none

  None of these PAM modules seem to be delivered by this project and are otherwise not part of OpenSolaris. Furthermore, the imported interfaces do not show libpam.

* The imported interfaces appear to show the use of OpenSSL. IIRC, its use is contracted. I don't find a mention of the contract.

* This project appears to do authentication, yet I don't see mention of how that authentication is audited or a discussion why it shouldn't be. The reference for the Check List auditing section seems to say to me if the project does authentication, it audits that authentication.

* The Check List says: "The openwsman daemon is sufficiently privileged to authenticate the wsman client. There will be no request for a password change coming in over the wire via WS-Man." With Solaris Privileges, what does "sufficiently privileged ..." mean? If there is no password change over the wire, how exactly are passwords managed? htpasswd/htdigest do not appear to be part of the imported interfaces.

* The Check List says: "If the openwsman daemon is configured to use PAM, then the service configuration file provided by the administrator in /etc/pam.d will be used." Is PAM configured? See above about the use of PAM.

* What is the analysis of the security implications of this project vis-a-vis currently delivered Sun SNMP? Other than viewing/reporting, what type of administrative file/database modifications/changes does this project permit?

Gary..