Gary Winiger wrote:
>>>> There is also purposely no admin command, the customers requesting
>>>> this functionality want a raw file as that is what they already use
>>>> on Linux or on Solaris with the existing open source module.
>>> IMO, this is an excuse for not providing a properly auditable
>>> administrative interface and not a reason.
>> I disagree, we are giving the customers what they want and what they
>> need. I agree it doesn't provide an easily audited admin interface but
>> the funding just isn't there to provide that capability and we really
>> can't hold off providing this simple module any longer our customers are
>> already really really annoyed it has taken us so long to do so.
>
> Not saying the CU be damned, but just the opposite. IMO, as
> I believe I stated this 3.5 years ago when this started, this
> project is kludge/bandaid for lack of a proper architecture.
> I'm saddened that such an architecture doesn't seem to be
> forthcoming.

and it is exactly because there is no better alternative that I restarted this case. This is a perfectly acceptable solution for many people. I'd love to see something better with centralised (but still allowing very fine grained policy) in fact we used to have such a thing when Sun resold the BoKS product as Solstice Security Manager (and on Solaris 2.6 it even used PAM!).

Feel free to derail this case for the purpose of writing an opinion to point out that there are still a number of areas where Solaris doesn't have sufficient account access controls and that a centralised management tool for this is needed as well. I'll gladly provide fodder for that opinion.

--
Darren J Moffat