From: [EMAIL PROTECTED] > > Should each user have access to his/her own passwords, and > nothing else? > > Which user can change which password(s)? > > The security model can be something like 'john belongs to pay_group, > so he can read and maybe write (if group administrator) passwords of > pay_group'. [...] > I agree, but in an heterogenous environment (windows, linuxes & macs) > which I'm in, it's helpfull :)
This screams LDAP to me. Delegate management of certain portions and attributes of your tree to whomever should manage them via ACLs. Wrap your choice of LDAP management around this and you have what you want. DS
