Re: [PacketFence-users] PacketFence Admin

Sat, 25 Jun 2016 06:38:37 -0700 

> On Jun 24, 2016, at 17:44 , TOURE Amidou Florian 
> <[email protected]> wrote:
> 
> Hi all I have a question on concerning the user that is configured to be 
> packetfence administrator.After ccreating this user what kind of security can 
> we give to this user.I want to say that how to secure this user and not 
> permit to a person to usurp his identity.


You could start by not sharing the password.

But a better answer would involve RBAC I suppose.
You can authenticate access to the admin GUI using an authentication source 
with a rule that assigns one or more “Admin Access” role.

Example:

I create an Active Directory source called “AD_inverse”
I create a rule called “isAdmin”
I assign the “administration” class to the rule, so that it does not 
authenticate users on the network but is instead used to allow access to the 
admin GUI
I define a condition in the rule that will match criteria allowing a specific 
user of group of users to be administrators
I define an action of type “Access Level” to assign “ALL” for a superuser, or 
one of the defined “Admin Access” roles if I want to be more granular.

That allows you to use an outside authentication source for access to the 
management GUI.
Once you have tested it, set an absurdly long and complex password for the 
admin user and throw it away, never to see it again.

Play a bit with those functionalities.
I believe they can cover 99.9% of all use cases.

Regards,
--
Louis Munro
[email protected]  ::  www.inverse.ca 
+1.514.447.4918 x125  :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)


------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to