Re: RC separation of duty


From: "Paul D. Robertson" <proberts@clark.net>
Subject: Re: RC separation of duty
Date: Fri, 5 Nov 1999 08:10:30 -0500 (EST)

Next Article (by Date): Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Top of Thread: RC separation of duty ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


On 5 Nov 1999, A. Ott wrote:

> Well, there is a reason why I called this thread RC separation of duty. It  
> is about RC only. :)

I have a question about this, because I'm only starting to play with 
roles and I'm more used to MAC catagories for compartments/containers.  
Is it currently possible to limit role based on login path, and set a 
system default role if you haven't logged in using an approved method 
that's role-high.  

For instance, SYSADMIN needs to log in via /usr/local/sbin/sshd, 
otherwise the maximum role privilege you can use is USER.  I don't mind 
having to fix sshd to do some sort of RSBAC call.

Still trying to get the models straight in my head :)

Thanks,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Top of Thread: RC separation of duty ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.