-user can bog down all requests by hammering it with bad auth requests causing the auth facility to get bogged down in PBKDF Option: -a multiprocessing pool to handle new authentications. The auth action itself would be stalled out whilst an attack was underway, but once in, the respective session layers will provide a caching session that should accelerate things after the client gets in once -penalizing a client clearly trying to break in -other auth -pam if user exists but has no passphrase -keystone? -ad? (specialized to the AD case) -expressionkeys never gets smaller - perf impact -need event notification for config change- e.g. set attribute triggers consol session object check to see if credentials changed design is that calling code on init registers a callback for related node to the in-context config manager object. callback shall be OO so no context object parametr passed in. ipmi will use it for user/password/hardwaremanagement.manager changes to console and command objects. console will use it to hook add/deletion of nodes and/or indicating a different console.method or hardwaremanagement.method -When the time comes to dole out configuration/discovery, take page from xCAT 'flexdiscover' command, if possible bring an ipmi device under management by way of ipv6 to eliminate requirement for ip to be specified. Requires the polling event support (which is required for security anyway) -this stack trace (happened with method was set to ""): Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 402, in handle_one_response for data in result: File "/home/jbjohnso/Development/confluent/confluent/httpapi.py", line 301, in resourcehandler cfgmgr, querydict) File "/home/jbjohnso/Development/confluent/confluent/pluginapi.py", line 273, in handle_path passvalue = pluginmap[plugpath].__dict__[operation]( KeyError: ''