SUMMARY: RBAC on Solaris 8

From: Jeff Kennedy <jlkennedy_at_amcc.com>
Date: Wed Nov 07 2001 - 14:26:16 EST
Thanks to:

Alan Orndorff	Sid Wilroy
michael Horton	Konstantin Rozinov

The consensus is that RBAC is conceptually similar to sudo but far more
versatile.  It is native to Solaris 8, free, and Sun supported; making
it a very nice addition.

One of the questions was how to do this in a large enterprise using NIS
and cfengine, I got a reply stating that it should work under NIS but I
don't see how.  There are edits that need to be made in certain
/etc/security files which are machine specific; there's no security
group in /etc/nsswitch.conf to point to NIS.  It's possible to
distribute these files via cfengine but then I would have to have all
entries on all machines since users could be on any given host at any
given time.  This would only require role entries but in some instances
that could be quite a few.  If I'm wrong in this someone please
enlighten me.

~JK


Jeff Kennedy wrote:
> 
> Is anyone using this?  Is this simply a replacement for sudo with alot
> more features and control?  I am reading the docs right now but they
> mostly deal with the concepts of roles and authority, not actual
> implementation in a large environment.
> 
> Thanks.

-- 
=====================
Jeff Kennedy
Unix Administrator
AMCC
jlkennedy@amcc.com
Received on Wed Nov 7 19:26:16 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:35 EDT