On Mon, Feb 22, 2010 at 8:58 AM, Yan Gao <y...@novell.com> wrote: > Hi Andrew, > > On 02/08/10 17:48, Andrew Beekhof wrote: >> On Thu, Feb 4, 2010 at 5:24 PM, Yan Gao <y...@novell.com> wrote: >>>> And put exclusions for things like passwords before the read for the >>>> whole cib? >>> Yes. We should specify any "deny" and "write" objects before it. >> >> I like the syntax now, but my original concern (that all the >> validation occurs in the client library) remains... so this still >> isn't providing any real security. > Right. If it's impossible for cib to run as root,
If you need root for this, I think we can allow that change for 1.1. > I'm considering > investigating PolicyKit to see if we could achieve authentication > through it. Any suggestion? > > Regards, > Yan > -- > Yan Gao <y...@novell.com> > Software Engineer > China Server Team, OPS Engineering, Novell, Inc. > > _______________________________________________ > Pacemaker mailing list > Pacemaker@oss.clusterlabs.org > http://oss.clusterlabs.org/mailman/listinfo/pacemaker > _______________________________________________ Pacemaker mailing list Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker