Moinak Ghosh wrote: > On Fri, Jun 6, 2008 at 11:09 PM, Philip Brown <[EMAIL PROTECTED]> wrote: >> >> Last time I checked, RBAC was not nearly that simple, and does not lend >> itself to scalability of administration across multiple machines. It's a >> very "local-only" solution. sudo is *designed to be* a multiple-machine >> solution. RBAC does not appear to be so. > > That I'd say is a misconception. RBAC is also designed for multiple > machines. The various configs can be stored in the nameservice database > and entries in /etc/nsswitch.conf specifies the search order. Somewhat > more flexible and integrated than using rsync (and of course scalability > of administration is preserved).
With sudo, you can have a single global file across 10 machines, that allows certain users elevated privileges on 2 out of the 10 machines, without changing anything locally on those 2 machines. All 10 machines can be 100% identical in other respects. How can you do that with RBAC? _______________________________________________ pkg-discuss mailing list pkg-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
