On 10/22/07, Darren J Moffat <darrenm at opensolaris.org> wrote: > Mike Gerdts wrote: > > 1. RBAC's lack of portability to OS's other than Solaris limits its > > usefulness in mixed environments. > > It is open source, there is nothing stopping it being ported to other > platforms !
The thought has crossed my mind (not that I have time to tackle this on my own). It seems as though this could all be standalone enough that there shouldn't be big problems with license incompatibilities. There are other things about sudo that make it more desirable, but there are also scalability problems that I am not sure are due to design or implementation. That is, when a sudoers file has a large number of referenced netgroups it can have an extremely long startup time. This is amplified by networks with non-trivial latency. I suspect that porting RBAC may be less effort than fixing sudo, but I am intrigued by the possibilities of moving the policy decisions to the directory server. -- Mike Gerdts http://mgerdts.blogspot.com/
