
other authority groups?



I am working on the access control handling for user passwords (and other attributes).

I am just now trying to come up with a generic algorithm to determine who is allowed to
write to a user's LDAP entry, depending on which authority groups he is in.

Right now we have these authority groups by default: admins, jradmins, teachers and students.

The basic rule is simple:
- if a person is in the admins group, no one can write to his
  entry
- if he is in jradmins, his entry is writeable by members of the
  group admins and
- if he is in student or teacher he is writeable by both admins
  and jradmins.

But we have authority_groups as a flexible thing. That means
people can add new authority groups.

Question: what other authority groups are possible/likely? Would
they interfere with the above algorithm? What would be a good way
to make this configurable by the local admin? (A config file in
/etc/? What could that look like?)
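
The rule described in this message, written out as a table-driven check; this is an added example, not code from the original post or from the project. The policy line syntax, the function names, and two design choices (for a user in several groups the most restrictive group wins, and a group missing from the policy allows no writers) are assumptions.

```python
# Added example (hypothetical layout): for each authority group, the set of
# groups whose members may write to the LDAP entries of users in that group.
DEFAULT_POLICY = {
    "admins": set(),                      # no one can write to an admin's entry
    "jradmins": {"admins"},
    "teachers": {"admins", "jradmins"},
    "students": {"admins", "jradmins"},
}

def parse_policy(text):
    """Parse 'group: writer1, writer2' lines; '#' starts a comment."""
    policy = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: expected 'group: writers'")
        group, writers = line.split(":", 1)
        policy[group.strip()] = {w.strip() for w in writers.split(",") if w.strip()}
    return policy

def allowed_writers(target_groups, policy):
    """Groups allowed to write to a user who is a member of target_groups.

    Assumptions: memberships are intersected, so the most restrictive group
    wins; an unknown group or an empty membership yields no writers.
    """
    if not target_groups:
        return set()
    result = None
    for group in target_groups:
        writers = policy.get(group, set())   # unknown group: fail closed
        result = writers if result is None else result & writers
    return set(result)

def can_write(actor_groups, target_groups, policy=DEFAULT_POLICY):
    """True if any of the actor's groups may write to the target's entry."""
    return bool(set(actor_groups) & allowed_writers(target_groups, policy))
```

A locally added group then needs only one more line in the policy text, and until that line exists its members' entries stay read-only to everyone.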


