[ofa-general] Re: [PATCH] saquery: --smkey command line option

Sasha Khapyorsky sashak at voltaire.com
Tue May 27 03:33:41 PDT 2008


On 05:52 Fri 23 May     , Hal Rosenstock wrote:
> 
> But can be protected by other weak access control currently and perhaps
> more in the future.

OpenSM console is not a great example IMO - OpenSM doesn't need to issue
SA queries against itself.

> New commands which require trust can utilize SMKey
> without it being specified (at least for OpenSM), no ?

Maybe yes, but could you be more specific? Store SMKey in read-only
file on a client side?

> > And what about diagnostics when other SMs are used?
> 
> I think there's a problem here in a trusted environments given the
> approach taken as I've stated in the past but seems to have been
> forgotten. The more trust the less the current diag strategy fits.
> 
> Are you also going to be proposing exposing MKeys too once MKey
> management is supported by OpenSM/other SMs ?

I don't have any M_Key manager implementation details, but hope it will
not needed.

I'm not proposing to expose SM_Key, just added such option where this
key could be specified. So: 1) this is *optional*, 2) there is no
suggestions about how the right value should be determined.

Sasha



More information about the general mailing list