> Maybe this is a future requirement, but when we move to > destributing the seusers file, you > could have a user be SystemLow-SystemHigh but a machine maxed out at > TopSecret. We need to handle this.
The concept being required is creating a set of accredited labels. The accreditation checks should be added into parts of the pam framework. The reason I say parts is that, SystemLow & SystemHigh may not be accredited but still used and valid for administration purposes. A potential method for handling this could be the translation database. Only pairings with names could deemed as accredited. Just some thoughts.... -Chad -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
