Hi Andrew, On 02/08/10 17:48, Andrew Beekhof wrote: > On Thu, Feb 4, 2010 at 5:24 PM, Yan Gao <y...@novell.com> wrote: >>> And put exclusions for things like passwords before the read for the whole >>> cib? >> Yes. We should specify any "deny" and "write" objects before it. > > I like the syntax now, but my original concern (that all the > validation occurs in the client library) remains... so this still > isn't providing any real security. Right. If it's impossible for cib to run as root, I'm considering investigating PolicyKit to see if we could achieve authentication through it. Any suggestion?
Regards, Yan -- Yan Gao <y...@novell.com> Software Engineer China Server Team, OPS Engineering, Novell, Inc. _______________________________________________ Pacemaker mailing list Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker