So going back to the initial proposal that James made: It occurs to me that the logical extension of a Dashboard RBAC system (or perhaps even moving elements of the problem upstream) is for auth.conf to recognize users or perhaps better "roles" as an authentication construct.
This seems like a very reasonable incremental step. It doesn't solve everything--in fact, if there's no way provided to assign roles to users, it doesn't solve *anything*. But if we're ever going to have RBAC in core, auth.conf will have to recognize roles as authentication constructs.

I think we're in danger of falling into the "yes but your proposal for fixing the leaky faucet doesn't solve world hunger" rat hole, as we're so wont to do these days. :)

Recognizing something that will need to be done regardless and getting it in the queue I'm fine with. Trying to grow a comprehensive security architecture from such a potsherd, not so much.

-- M

When in trouble or in doubt, run in circles, scream and shout.
-- 1920's parody of the maritime general prudential rule