From: ao@morpork.shnet.org (A. Ott)
Subject: Re: RC separation of duty
Date: 08 Nov 1999 10:08:00 +0100
Next Article (by Subject): Re: RC separation of duty "Paul D. Robertson"
Previous Article (by Subject): Re: RC separation of duty "Paul D. Robertson"
Top of Thread: RC separation of duty ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RC separation of duty "Paul D. Robertson"
Articles sorted by: [Date]
[Author]
[Subject]
********* ***************** ********** **** ***** ***** ************ To subject Re: RC separation of duty proberts@clark.net (Paul D. Robertson) wrote: ********** ******************** ****** ******** ******* ************* > On 5 Nov 1999, A. Ott wrote: > > > Well, there is a reason why I called this thread RC separation of duty. It > > is about RC only. :) > > I have a question about this, because I'm only starting to play with > roles and I'm more used to MAC catagories for compartments/containers. > Is it currently possible to limit role based on login path, and set a > system default role if you haven't logged in using an approved method > that's role-high. > > For instance, SYSADMIN needs to log in via /usr/local/sbin/sshd, > otherwise the maximum role privilege you can use is USER. I don't mind > having to fix sshd to do some sort of RSBAC call. No, this concept is not (yet) included in RC. You can only use AUTH model to limit the list of users /bin/login may change to. This was my original idea of login path limiting. Maybe I should allow a negative AUTH capability list, meaning 'every user but the listed ones'. Or a range setting. > Still trying to get the models straight in my head :) Don't worry about asking. Amon. -- Please remove second ao for E-Mail reply - no spam please! ## CrossPoint v3.11 ## - To unsubscribe from the rsbac list, send a mail to majordomo@morpork.shnet.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: RC separation of duty "Paul D. Robertson"
Previous Article (by Subject): Re: RC separation of duty "Paul D. Robertson"
Top of Thread: RC separation of duty ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RC separation of duty "Paul D. Robertson"
Articles sorted by: [Date]
[Author]
[Subject]