From: "Paul D. Robertson" <proberts@clark.net>
Subject: Re: RC separation of duty
Date: Fri, 5 Nov 1999 08:10:30 -0500 (EST)
Next Article (by Date): Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Top of Thread: RC separation of duty ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]
On 5 Nov 1999, A. Ott wrote:
> Well, there is a reason why I called this thread RC separation of duty. It
> is about RC only. :)
I have a question about this, because I'm only starting to play with
roles and I'm more used to MAC catagories for compartments/containers.
Is it currently possible to limit role based on login path, and set a
system default role if you haven't logged in using an approved method
that's role-high.
For instance, SYSADMIN needs to log in via /usr/local/sbin/sshd,
otherwise the maximum role privilege you can use is USER. I don't mind
having to fix sshd to do some sort of RSBAC call.
Still trying to get the models straight in my head :)
Thanks,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@clark.net which may have no basis whatsoever in fact."
PSB#9280
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.
Next Article (by Date): Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Top of Thread: RC separation of duty ao@morpork.shnet.org (A. Ott)
Next in Thread: Re: RC separation of duty ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]