Casper.Dik at Sun.COM wrote: > What I would like is: > > - a role which you can assume by typing your own password, not the > role
Which is basically what sudo does. > - but I would like it to keep the same uid as the user > (making the role a different uid in the credential) Though why do we need to have a role for this ? Requiring a role makes OpenSolaris RBAC more complex to setup that sudo. I believe the requirement is really - needs authentication. So why not update pfexec to call PAM ? We could even mimic what sudo does and provide the ability on a per profile basis to determine if the authentication step is necessary or not. I also believe it would be useful if pfexec when it called PAM had the ability to have a embedded_pfexec(1M) version like we have embedded_su(1M). Though maybe that isn't as necessary given gksu(1M) ? There are existing RFEs already logged for the above functionality. -- Darren J Moffat
