-user can bog down all requests by hammering it with bad auth requests causing the auth facility to get bogged down in PBKDF Option: -a multiprocessing pool to handle new authentications. The auth action itself would be stalled out whilst an attack was underway, but once in, the respective session layers will provide a caching session that should accelerate things after the client gets in once -penalizing a client clearly trying to break in -other auth -pam if user exists but has no passphrase -keystone? -ad? (specialized to the AD case) -expressionkeys never gets smaller - perf impact -When a user account is changed, have httpapi and sockapi notified of changes to kill off related sessions. password changes are given a pass, but user deletion will result in immediate session termination -need event notification for config change- e.g. set attribute triggers consol session object check to see if credentials changed design is that calling code on init registers a callback for related node to the in-context config manager object. callback shall be OO so no context object parametr passed in. ipmi will use it for user/password/hardwaremanagement.manager changes to console and command objects. console will use it to hook add/deletion of nodes and/or indicating a different console.method or hardwaremanagement.method -When the time comes to dole out configuration/discovery, take page from xCAT 'flexdiscover' command, if possible bring an ipmi device under management by way of ipv6 to eliminate requirement for ip to be specified. Requires the polling event support (which is required for security anyway) -Change the remote timeout behavior to yield a response, then have pluginapi decides whether to error the response or a message indicating error in case of multi-node request -this stack trace (happened with method was set to ""): Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 402, in handle_one_response for data in result: File "/home/jbjohnso/Development/confluent/confluent/httpapi.py", line 301, in resourcehandler cfgmgr, querydict) File "/home/jbjohnso/Development/confluent/confluent/pluginapi.py", line 273, in handle_path passvalue = pluginmap[plugpath].__dict__[operation]( KeyError: '' -have pyghmi and friends do multiprocessing pools (particularly the PBKDF stuff in auth) -have console sessions be instructed as to more specific clue for unconnected -misconfigured - console.method probably not set right -unreachable - hardwaremanagement.manager probably wrong -authentication failure - user/passphrase probable not right