> > This is covered under CR# 4986798
> >
> > http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4986798
> For example, if I have a netgroup:
>
> Admins \
> (-,user1,mydomain) (-,user2,mydomain) ... (-,userN,mydomain)
>
> and I put this in /etc/user_attr (or NIS or LDAP user_attr):
>
> @Admin::::profiles=Primary Administrator;roles=root
>
> I'd like that to give me the equivalent funtionality of this in
> user_attr (on all hosts):
>
> user1::::profiles=Primary Administrator;roles=root
> user2::::profiles=Primary Administrator;roles=root
> .
> .
> .
> userN::::profiles=Primary Administrator;roles=root
>
> Basically I already have to maintain the netgroup, since it's used
> elsewhere, and I'd rather not have another list of the same users to
> have to keep in sync.
>
> Is that covered by that RFE? or is this something different?
It wasn't intended to be covered by the existing RFE. That RFE
is to restrict on which machines a user has access to a particular
Rights Profile. It is not an aggregator of user_attr entries.
If you're asking to aggregate user_attr entries by netgroup,
please file a different RFE.
Gary..
>
> If it's not, I can even envision ways that the two ideas coudl be used
> together, to assign the same role to one netgroup of users on one
> netgroup of hosts, and a different netgroup of users on a different
> netgroup of hosts. But that might be too complicated.
>
> -Kyle
> _______________________________________________
> security-discuss mailing list
> security-discuss at opensolaris.org
>
