
    Re: IPS: iSCSI MIB last call



    >>>>> "Mark" == Mark Bakke <mbakke@cisco.com> writes:
    
     Mark> Since I haven't seen any other last call comments on the iSCSI
     Mark> MIB yet, I have one (technical) comment:
    
     Mark> The iscsiTgtAuthAttributesTable is used to match up iSCSI
     Mark> targets with lists of identities in the Auth MIB to which the
     Mark> target will allow access.  Currently, any identity in the list
     Mark> for a target will be authorized to have presumably full access
     Mark> to the iSCSI target, other than anything that may be enforced
     Mark> at higher layers (SCSI).  One thing we might want to consider
     Mark> is to allow these entries to specify whether the identity will
     Mark> be given read-only or read-write access to the target, perhaps
     Mark> something like:
    
     Mark> iscsiTgtAuthReadWrite OBJECT-TYPE
     Mark>     SYNTAX        TruthValue
     Mark>     MAX-ACCESS    read-write
     Mark>     STATUS        current
     Mark>     DESCRIPTION
     Mark>         "A truth value that specifies whether the referenced
     Mark>         AuthIdentity will be allowed write access to the target.
     Mark>         False (=No) indicates that only read operations may be
     Mark>         performed.  True (=Yes) indicates that all access is
     Mark>         allowed."
     Mark>     DEFVAL        { true }
     Mark> ::= { iscsiNodeAttributesEntry 13 }
    
     Mark> Thoughts?
    
    I brought this up around here a while ago, and the reaction was that
    this isn't all that useful.  The argument is that per-initiator access
    control is for controlling shared access to a target.  As a rule,
    operating systems support multiple readers, or (in things like
    clusters) multiple initiators with full access, but not a mix of
    readers and writers.
    
    	paul
    
    



Last updated: Wed Oct 23 13:19:04 2002
11969 messages in chronological order