> From: [EMAIL PROTECTED] > > > Should each user have access to his/her own passwords, and > > nothing else? > > > Which user can change which password(s)? > > > > The security model can be something like 'john belongs to pay_group, > > so he can read and maybe write (if group administrator) passwords of > > pay_group'. > [...] > > I agree, but in an heterogenous environment (windows, linuxes & macs) > > which I'm in, it's helpfull :) > > This screams LDAP to me. Delegate management of certain portions and > attributes of your tree to whomever should manage them via ACLs. Wrap your > choice of LDAP management around this and you have what you want.
That's right. Because nothing should ever be simple...
