I don't think that's a good idea. Class G users can be given LOGONBY to another class G user for a variety of reasons. Neither userid should get other than class G just because of the LOGONBY authorization.
Brian Nielsen On Fri, 24 Aug 2007 12:54:22 -0400, Alan Altmark <[EMAIL PROTECTED] > wrote: >On Friday, 08/24/2007 at 11:54 EDT, "Schuh, Richard" <[EMAIL PROTECTED]> >wrote: >> In that case, FORCE and XAUTOLOG should be in a class that does not >include >> SHUTDOWN. After all, why should we trust TCPIP any more than we do oth er >users? >> Who knows what information it is shipping to Chuckie unbeknownst to us ? > >C says: "no no no. it's fine. really. trust me. (heh heh)" > >There are some who believe that the authority to LOGON BY to a user shou ld >implicitly allow: >- XAUTOLOG >- SET SECUSER or OBSERVER >- SEND (a la class C) >- FORCE >- SIGNAL SHUTDOWN > >Thoughts? >======================== ========================= ========================