[tickets] [opensaf:tickets] #938 IMM: access control

Tue, 26 Aug 2014 06:51:06 -0700 

changeset:   5671:d5daab61f065
branch:      opensaf-4.5.x
parent:      5669:170071e1b3f4
user:        Hans Feldt <[email protected]>
date:        Tue Aug 26 15:49:55 2014 +0200
summary:     immsv: add README.ACCESS_CONTROL [#938]

changeset:   5672:85de318d629f
tag:         tip
parent:      5670:1c2d2b906ca6
user:        Hans Feldt <[email protected]>
date:        Tue Aug 26 15:49:55 2014 +0200
summary:     immsv: add README.ACCESS_CONTROL [#938]



---

** [tickets:#938] IMM: access control**

**Status:** review
**Milestone:** 4.5.0
**Created:** Tue Jun 10, 2014 05:30 AM UTC by Hans Feldt
**Last Updated:** Tue Aug 26, 2014 01:49 PM UTC
**Owner:** Hans Feldt

Requires #554 to provide authentication support.

In this first (last?) step the idea is to add coarse grained on/off type of 
authorization. Proposed is to allow access to the IMM service for the root user 
and members of one additional configurable linux group. Additionally members of 
the same group as immnd itself should be allowed access, that would include the 
opensaf processes.

Access control should be OFF by default in 4.5 for backwards compatibility 
reasons. The feature should be configurable in runtime via IMM. That is it 
should be possible to (optionally) configure an additional admin group name and 
then enable access control.

Access control should be controlled by a mode attribute with values: DISABLED, 
PERMISSIVE (just checking and reporting violations) and ENFORCING (ENABLED)

Disabling access control should only be allowed by the root user.




---

Sent from sourceforge.net because [email protected] is 
subscribed to https://sourceforge.net/p/opensaf/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/opensaf/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets

Reply via email to