On 02/23/10 04:10, Andrew Beekhof wrote: > On Mon, Feb 22, 2010 at 8:58 AM, Yan Gao <y...@novell.com> wrote: >> Hi Andrew, >> >> On 02/08/10 17:48, Andrew Beekhof wrote: >>> On Thu, Feb 4, 2010 at 5:24 PM, Yan Gao <y...@novell.com> wrote: >>>>> And put exclusions for things like passwords before the read for the >>>>> whole cib? >>>> Yes. We should specify any "deny" and "write" objects before it. >>> >>> I like the syntax now, but my original concern (that all the >>> validation occurs in the client library) remains... so this still >>> isn't providing any real security. >> Right. If it's impossible for cib to run as root, > > If you need root for this, I think we can allow that change for 1.1. > Great! So PAM is still preferred. Anyway, I'll have a dig at different ways. I think we can make that change when the authentication is ready, and if it's necessary.
Thanks, Yan -- Yan Gao <y...@novell.com> Software Engineer China Server Team, OPS Engineering, Novell, Inc. _______________________________________________ Pacemaker mailing list Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker
