Thanks to: Alan Orndorff Sid Wilroy michael Horton Konstantin Rozinov The consensus is that RBAC is conceptually similar to sudo but far more versatile. It is native to Solaris 8, free, and Sun supported; making it a very nice addition. One of the questions was how to do this in a large enterprise using NIS and cfengine, I got a reply stating that it should work under NIS but I don't see how. There are edits that need to be made in certain /etc/security files which are machine specific; there's no security group in /etc/nsswitch.conf to point to NIS. It's possible to distribute these files via cfengine but then I would have to have all entries on all machines since users could be on any given host at any given time. This would only require role entries but in some instances that could be quite a few. If I'm wrong in this someone please enlighten me. ~JK Jeff Kennedy wrote: > > Is anyone using this? Is this simply a replacement for sudo with alot > more features and control? I am reading the docs right now but they > mostly deal with the concepts of roles and authority, not actual > implementation in a large environment. > > Thanks. -- ===================== Jeff Kennedy Unix Administrator AMCC jlkennedy@amcc.comReceived on Wed Nov 7 19:26:16 2001
This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:35 EDT