IETF Logo Mail Archive

Re: [netmod] I-D Action: draft-ietf-netmod-system-mgmt-11.txt

"Yi Yang (yiya)" <yiya@cisco.com> Thu, 06 February 2014 21:16 UTC

Return-Path: <yiya@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DBCA1A0516 for <netmod@ietfa.amsl.com>; Thu, 6 Feb 2014 13:16:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.036
X-Spam-Level:
X-Spam-Status: No, score=-15.036 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ikGIVDC5rtF for <netmod@ietfa.amsl.com>; Thu, 6 Feb 2014 13:16:29 -0800 (PST)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) by ietfa.amsl.com (Postfix) with ESMTP id 54AD91A0514 for <netmod@ietf.org>; Thu, 6 Feb 2014 13:16:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=879; q=dns/txt; s=iport; t=1391721388; x=1392930988; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=qCOIpWrgvOl0E1RoEpyfncOdMIQf+PwTaSCKOhU4Jp8=; b=NNX9VPBRQeUvwjE5Dlk6UutkGjJTXpzKXV6cqU3Tc4hOqk6Q5QMNFiNO NDV8tsM+mCeJ+fbK0O5wx7m1JbgMFFao3QdqWVll4OM+6Dez4+4josWoP ZDd+gzsopb5Pf9w0+E24CjayrZWpwsMrGd6t1RvPzUcnIlAytlI6DeTgH c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAF7781KtJV2Y/2dsb2JhbABZgwyBD756gQ4WdIIlAQEBBHkQAgEIDgoYFjIlAgQOBYgFzQ4XjnoHGIQgAQOJEYsxg2mSIYMtgio
X-IronPort-AV: E=Sophos;i="4.95,795,1384300800"; d="scan'208";a="302220482"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by rcdn-iport-1.cisco.com with ESMTP; 06 Feb 2014 21:16:13 +0000
Received: from xhc-rcd-x04.cisco.com (xhc-rcd-x04.cisco.com [173.37.183.78]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s16LGDET020593 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 6 Feb 2014 21:16:13 GMT
Received: from xmb-aln-x11.cisco.com ([169.254.6.170]) by xhc-rcd-x04.cisco.com ([fe80::200:5efe:173.37.183.34%12]) with mapi id 14.03.0123.003; Thu, 6 Feb 2014 15:16:13 -0600
From: "Yi Yang (yiya)" <yiya@cisco.com>
To: Martin Bjorklund <mbj@tail-f.com>
Thread-Topic: [netmod] I-D Action: draft-ietf-netmod-system-mgmt-11.txt
Thread-Index: AQHPFdgzGMRqtUVbW0GBh5oYMEh3NpqnL4wAgAFYt4CAABZXAIAAHaIAgAAFngCAAAsxAIAAaDAA//+xKgA=
Date: Thu, 06 Feb 2014 21:16:12 +0000
Message-ID: <CF1964F9.2130D%yiya@cisco.com>
References: <20140206134518.GD49118@elstar.local> <20140206.150524.1309921502695133115.mbj@tail-f.com> <CF194B57.212B0%yiya@cisco.com> <20140206.215822.456617131.mbj@tail-f.com>
In-Reply-To: <20140206.215822.456617131.mbj@tail-f.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.9.131030
x-originating-ip: [64.102.95.107]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <DC7859CCD2A1A44E897927F7BCF1A5C3@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "netmod@ietf.org" <netmod@ietf.org>
Subject: Re: [netmod] I-D Action: draft-ietf-netmod-system-mgmt-11.txt
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2014 21:16:30 -0000

Hi Martin,

Now I see why we don¹t need something explicitly for public-key. And
"user-authentication-order" is really for password-based only.

Yi


On 2/6/14 3:58 PM, "Martin Bjorklund" <mbj@tail-f.com> wrote:

>Hi,
>
>"Yi Yang (yiya)" <yiya@cisco.com> wrote:
>> Hi Martin,
>> 
>> One issue is for "feature local-users", as specified in section 3.5.1
>>and
>> 3.5.2, it indicates support of public-key-based AND password-based
>> authentication for local users. But what if only public-key-based is
>> supported, or vice versa? How would client discover it?
>
>public-key is mandatory to support according to RFC 4252, so it makes
>sense to not have a special feature for it.
>
>I don't think it's common with systems that don't support passwords;
>of course the operator can choose to not use them, as already haas
>been stated.
>
>
>/martin

v2.23.0 | Report a Bug | By Email