On 12/05/16 20:32, Justin Ross wrote:
On Thu, May 12, 2016 at 12:00 PM, Gordon Sim <[email protected]> wrote:
On 12/05/16 19:50, Justin Ross wrote:
Do we want to be able to apply policy to operator tools? These would be
tools for inspecting a router or router network as a whole, not a
particular vhost.
I would think you would just authenticate as an administrator (or a user
in an administrator group). That would apply even for tools users built for
themselves.
Agreed, but to clarify, that doesn't get you a policy for "operator
tools". It get's you the default policy or a specific vhost policy.
What is the purpose of having different policies (given that a policy
itself allows different permissions for different user groups)?
I can only see any value in them if virtual hosts imply a different
address space and/or user base.
And it's worth asking perhaps whether users defined in the default policy
are available under a vhost-bound connection. I'm guessing no. That could
be a stumbling point.
I'm not sure what you mean.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
