- Description has changed:
Diff:
~~~~
--- old
+++ new
@@ -4,3 +4,7 @@
Access control should be OFF by default in 4.5 for backwards compatibility
reasons. The feature should be configurable in runtime via IMM. That is it
should be possible to (optionally) configure an additional admin group name and
then enable access control.
+Access control should be controlled by a mode attribute with values: DISABLED,
PERMISSIVE (just checking and reporting violations) and ENFORCING (ENABLED)
+
+Disabling access control should only be allowed by the root user.
+
~~~~
---
** [tickets:#938] IMM: access control**
**Status:** review
**Milestone:** 4.5.0
**Created:** Tue Jun 10, 2014 05:30 AM UTC by Hans Feldt
**Last Updated:** Fri Aug 15, 2014 02:51 PM UTC
**Owner:** Hans Feldt
Requires #554 to provide authentication support.
In this first (last?) step the idea is to add coarse grained on/off type of
authorization. Proposed is to allow access to the IMM service for the root user
and members of one additional configurable linux group. Additionally members of
the same group as immnd itself should be allowed access, that would include the
opensaf processes.
Access control should be OFF by default in 4.5 for backwards compatibility
reasons. The feature should be configurable in runtime via IMM. That is it
should be possible to (optionally) configure an additional admin group name and
then enable access control.
Access control should be controlled by a mode attribute with values: DISABLED,
PERMISSIVE (just checking and reporting violations) and ENFORCING (ENABLED)
Disabling access control should only be allowed by the root user.
---
Sent from sourceforge.net because opensaf-tickets@lists.sourceforge.net is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Opensaf-tickets mailing list
Opensaf-tickets@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets