Age | Commit message (Collapse) | Author |
|
Avoid password checks on delete.
Bug 5418
|
|
Do username validation in perl script. This allows for checking
for what is allowed, versus what is recommended. For compatiablity
we allow things like upper case user names which but this is not
recommended so these names produce a warning.
|
|
Don't need sudo for ip command anymore.
|
|
|
|
Since brctl has cap_net_admin, don't need to use sudo
|
|
Several templates can use simplified non-expression syntax
|
|
No longer need sudo on ip because of cap_net_admin
|
|
|
|
|
|
Allow combination of IPv4 and IPv6 address in community setting.
Use script to generate necessary community values in snmpd.conf
|
|
Add:
service snmp listen-address AAAA [port NNN]
|
|
Need to use different syntax for community values on IPv6
versus IPv4
|
|
This reverts commit 5aafb72b269d409500258f0b65f3e635d99712b7.
|
|
Simple change to allow ipv6 or ipv4 address in configuration.
|
|
Use same format/syntax over all interface types.
Bug 5257
|
|
Need ifb device to be created before other devices redirect
to it.
|
|
More descriptive name for input interface.
|
|
This is configuration wrapper for IFB. See spec.
|
|
/sys/devices/system/cpu/present is 0-NN on SMP and 0 on UP.
|
|
If only one CPU, then not worth bothering doing any kind of interrrupt
affinity.
|
|
local-zone's firewall when using Zone Based Firewall
* changed local zones INPUT and OUTPUT chain rules to allow all local-zone
traffic on the loopback interface rather than using address 127.0.0.1 which
was too restrictive and blocked certain traffic initiated from and going to
local-zone itself. This is compliant with the Zone Concept and similar to
what's done for other transient zones as well where rules are interface based
|
|
|
|
Bug 4977
Need to wait to set/check bond primary device until after it
is put in bond group.
|
|
|
|
RFC-4862 requires that IPv6 operation on an interface be disabled when
DAD fails on a link-local address. The kernel IPv6 code supports this
feature, but doesn't enable it by default. This change provides a
configurable parameter to control this behavior, but, like the
kenrnel, disables it by default.
|
|
bootup
|
|
* fix this for eth, eth.vif, bond, bond.vif interfaces
* also, bridge-group code for bonding interfaces wasn't changed
with commit ec080f99 that re-strucutred bridging code in eth and
eth.vifs to fix bug 4708. bridge-group code for bond and bond.vif
interfaces is now similar to the fix for 4708
|
|
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
|
|
Bug 5350
Need some changes to support DSA keys (Protocol V2).
Also add support for options in key file.
|
|
Bug 5256
Going out to perl to repeatedly validate ethernet device name slows
down adding VLAN's and other operations with lots of sub-devices.
|
|
|
|
The overhead of compiling perl script repeatedly slows down VIF creation
|
|
|
|
Bug 4754
Want correct host-name for DHCP to work right later under interfaces.
Want timezone correct so that any services started that print time
information have correct data.
|
|
Need ability to open file of new user (to load authorized key).
So move sudo to template.
|
|
Fix help text (Bug 5254) and allow IPV6 static mapping (Bug 5298)
|
|
Bug 5285
|
|
Bug 5286
|
|
If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).
Bug 5249
|
|
Bug 5269
This prevents user from doing something harmful like making a user
named quagga or cron and putting vbash on that account.
|
|
Bug 5252
The boot script needs to restore default settings, and the
templates are then used to enable root access.
|
|
We need to delay disabling flow control in the sequence of events
until after the interface address has been set. An additional benefit
of adding a "priority" field is that interface configuration will not
fail if the attempt to disable flow control fails for some reason.
|
|
|
|
Values > 30 are likely to cause login timeout, so don't allow them.
|
|
Bug 458
Add
service snmp trap-source <address>
wrapper for /etc/snmp/snmp.conf
|
|
Bug 3756
Allow setting trap communities and port values.
|
|
Postscript to bug 4499
|
|
Bug 212
The entries in config under protocols were all routing protocols
except SNMP which was an unfortunate original design choice.
Config script does migration.
|
|
Bug 4499
|
|
Want to process loopback first, so any local addresses assigned
to loopback are done.
|