[tickets] [opensaf:tickets] #938 IMM: access control

Tue, 26 Aug 2014 06:50:29 -0700 

branch:      opensaf-4.5.x
parent:      5666:9255d34a3b4f
user:        Hans Feldt <[email protected]>
date:        Tue Aug 26 15:49:04 2014 +0200
summary:     imm: change attribute name to authorizedGroup [#938]

changeset:   5670:1c2d2b906ca6
tag:         tip
parent:      5668:aad40c3ee853
user:        Hans Feldt <[email protected]>
date:        Tue Aug 26 15:49:04 2014 +0200
summary:     imm: change attribute name to authorizedGroup [#938]



---

** [tickets:#938] IMM: access control**

**Status:** review
**Milestone:** 4.5.0
**Created:** Tue Jun 10, 2014 05:30 AM UTC by Hans Feldt
**Last Updated:** Mon Aug 25, 2014 10:13 AM UTC
**Owner:** Hans Feldt

Requires #554 to provide authentication support.

In this first (last?) step the idea is to add coarse grained on/off type of 
authorization. Proposed is to allow access to the IMM service for the root user 
and members of one additional configurable linux group. Additionally members of 
the same group as immnd itself should be allowed access, that would include the 
opensaf processes.

Access control should be OFF by default in 4.5 for backwards compatibility 
reasons. The feature should be configurable in runtime via IMM. That is it 
should be possible to (optionally) configure an additional admin group name and 
then enable access control.

Access control should be controlled by a mode attribute with values: DISABLED, 
PERMISSIVE (just checking and reporting violations) and ENFORCING (ENABLED)

Disabling access control should only be allowed by the root user.




---

Sent from sourceforge.net because [email protected] is 
subscribed to https://sourceforge.net/p/opensaf/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/opensaf/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets

Reply via email to