OpenBMC 11/27 community telecon - Minutes

[Brad Bishop]

The minutes are not very good this week.  Apologies.

As always, If there are any errors or omissions please just reply with
a correction.

Thx - brad

OpenBMC Community Teleconference 11/27 Minutes
--------------------------------

Andrew J
Adriana K
Milton M
Jeremy K
Sai D
Andrew G
Eddie J
Joel S
James M
Nancy Y
Yong L

———
User Management

Milton - stories about user management - has anyone spelled out how thats going to work
Brad - no-one has done any (public) design yet
James - have something internal, based on ipmi
Brad - is dbus on the table?
James - will check into user design to possibly share.
Milton - areas that need discussion or agreement, concept of user roles -> map to groups, is a user in one group only?  is everyone allowed to ssh in?  is ssh limited?
Jeremy - approach of using PAM makes sense.  use whatever backend necessary.  3 roles required for IPMI.
James - intel considering PAM as well.
Nancy - is it possible to limit a user to how they login (over ipmi or ssh?)
Jeremy - yes
Brad - do we need dbus?
Jeremy - possibly not?
Nancy - IPMI should not go thru pam - some abstraction needed?
Jeremy - PAM is already an abstraction.
Brad - is there any shared logic between applications using PAM?
Jeremy - not really much duplicated.
Milton - are users common across interfaces?
Jeremy - yes.
Brad - when does it make sense to invent a dbus api and when doesn’t it?
Jeremy - do we need processes to communicate in a new way?  In this case the established PAM API dictates that.
James - asked team to finalize draft to get submitted for review.

—————
Secure Coding Guidelines

James - banned apis, what are thoughts on that?
Jeremy - hard disallow is tough - could be warnings?  documented anti-patterns?
Brad - lets do a patch on the list

—————
Multi Image Support

Nancy - what class of configurations?
James - x86, power, switch, etc.
Nancy - didn’t know this was possible.  very interesting.