Re: IPS: iSCSI MIB last call

>>>>> "Mark" == Mark Bakke <mbakke@cisco.com> writes:

Mark> Since I haven't seen any other last call comments on the iSCSI
Mark> MIB yet, I have one (technical) comment:

Mark> The iscsiTgtAuthAttributesTable is used to match up iSCSI
Mark> targets with lists of identities in the Auth MIB to which the
Mark> target will allow access. Currently, any identity in the list
Mark> for a target will be authorized to have presumably full access
Mark> to the iSCSI target, other than anything that may be enforced
Mark> at higher layers (SCSI). One thing we might want to consider
Mark> is to allow these entries to specify whether the identity will
Mark> be given read-only or read-write access to the target, perhaps
Mark> something like:

Mark> iscsiTgtAuthReadWrite OBJECT-TYPE
Mark>     SYNTAX        TruthValue
Mark>     MAX-ACCESS    read-write
Mark>     STATUS        current
Mark>     DESCRIPTION
Mark>         "A truth value that specifies whether the referenced
Mark>         AuthIdentity will be allowed write access to the target.
Mark>         False (=No) indicates that only read operations may be
Mark>         performed. True (=Yes) indicates that all access is
Mark>         allowed."
Mark>     DEFVAL        { true }
Mark> ::= { iscsiNodeAttributesEntry 13 }

Mark> Thoughts?

I brought this up around here a while ago, and the reaction was that
this isn't all that useful. The argument is that per-initiator access
control is for controlling shared access to a target. As a rule,
operating systems support multiple readers, or (in things like
clusters) multiple initiators with full access, but not a mix of
readers and writers.

paul
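
Added example (not part of the original thread or of the iSCSI MIB draft): a Python model of how a target could apply the proposed iscsiTgtAuthReadWrite flag to incoming SCSI commands, together with a check that reports targets whose identity list mixes readers and writers, the case the reply says operating systems do not support. The row layout, the opcode allowlist, the function names and the sample identities are assumptions made for illustration.

```python
from dataclasses import dataclass

# SCSI opcodes that do not modify the medium. This is an allowlist: any
# opcode not listed is treated as a write, so unknown commands fail closed
# for read-only identities. (Assumed subset, chosen for illustration.)
READ_SAFE_OPCODES = {
    0x00,  # TEST UNIT READY
    0x03,  # REQUEST SENSE
    0x08,  # READ(6)
    0x12,  # INQUIRY
    0x25,  # READ CAPACITY(10)
    0x28,  # READ(10)
    0x88,  # READ(16)
    0xA0,  # REPORT LUNS
}

@dataclass(frozen=True)
class TgtAuthRow:
    """One constructed row: target, authorized identity, proposed flag."""
    target: str
    identity: str
    read_write: bool = True  # mirrors DEFVAL { true } in the proposal

def authorize(rows, target, identity, opcode):
    """Return True if `identity` may send SCSI `opcode` to `target`."""
    for row in rows:
        if row.target == target and row.identity == identity:
            return row.read_write or opcode in READ_SAFE_OPCODES
    return False  # identity is not in the target's list: no access

def mixed_access_targets(rows):
    """Targets whose list mixes read-only and read-write identities."""
    flags = {}
    for row in rows:
        flags.setdefault(row.target, set()).add(row.read_write)
    return sorted(t for t, seen in flags.items() if len(seen) == 2)

# Constructed sample table (names are illustrative, not from the MIB draft).
ROWS = [
    TgtAuthRow("iqn.2002-10.example:disk0", "hostA"),
    TgtAuthRow("iqn.2002-10.example:disk0", "backup", read_write=False),
    TgtAuthRow("iqn.2002-10.example:disk1", "nodeA"),
    TgtAuthRow("iqn.2002-10.example:disk1", "nodeB"),
]

if __name__ == "__main__":
    print(authorize(ROWS, "iqn.2002-10.example:disk0", "backup", 0x2A))
    print(mixed_access_targets(ROWS))
```
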
Last updated: Wed Oct 23 13:19:04 2002