> We decided to back away from trying to provide central RBAC. Our
> experience with multiple projects revealed that there is no one size fits all 
> solution regarding
> RBAC. But we were talking about geral Role
> base access control model not specific RBAC as Solaris implemented it. The 
> Solaris RBAC is similar
> to sudo and HBAC combined together. Both features are managed by IPA. We also 
> have SELinux policies
> on Linux that can constrain the root access. The user SELinux roles 
> management is on the roadmap
> but HBAC + SUDO should give you the equivalent if not more functionality than
> Solaris RBAC.



It's a false statement that Solaris RBAC is like sudo and HBAC combined. There 
so much more
options in the Solaris RBAC when it comes to such as limiting/granting 
cpu/memory resources, OS
privileges, based on a group, a project, a user, a service, etc.

Besides, RBAC comes with Solaris, sudo need to be installed.

And as I understand it, SSSD is required to installed on Solaris to implement 
the HBAC rules from
IPA?



Rgds,
Siggi


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to