A list for people interested in developing the OVAL language.
View all threadsIf this has been discussed/settled, please just point me to the discussion. I searched and did not find anything addressing this directly.
In the Mac OSX pwpolicy59 object, the schema requires a 'userpass' that is used to authenticate to a non-local node. I not would think the storing of a valid username and password in an open XML document would be a good idea. There is the option of using the 'xsi:nil' attribute to leave the username and userpass elements empty. But, in that case, no authentication is performed against a non-local node.
So, we either have a password in the open or we cannot authenticate to a non-local node?
John R. Ulmer
SPAWAR Systems Center Atlantic
john.r.ulmer6.civ@mail.mil
843.218.5953
...
If this is coming from an XCCDF checklist, I’d use an external variable and set the mask attribute for the userpass object entity. The password could then “live” in a tailoring, which need not necessarily be persisted anywhere as a file.
Otherwise, you’re right, it’s certainly not ideal!
Best regards,
—David A. Solin
On Aug 17, 2016, at 9:41 AM, Ulmer, John R CIV USN SPAWARSYSCEN LANT SC (US) john.r.ulmer6.civ@mail.mil wrote:
If this has been discussed/settled, please just point me to the discussion. I searched and did not find anything addressing this directly.
In the Mac OSX pwpolicy59 object, the schema requires a 'userpass' that is used to authenticate to a non-local node. I not would think the storing of a valid username and password in an open XML document would be a good idea. There is the option of using the 'xsi:nil' attribute to leave the username and userpass elements empty. But, in that case, no authentication is performed against a non-local node.
So, we either have a password in the open or we cannot authenticate to a non-local node?
John R. Ulmer
SPAWAR Systems Center Atlantic
john.r.ulmer6.civ@mail.mil
843.218.5953
...
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
...