Re: other authority groups?

To: "Andreas Schuldei" <andreas@schuldei.org>
Cc: debian-edu@lists.debian.org
Subject: Re: other authority groups?
From: Frank Weißer <skolelinux@mauscircus.net>
Date: Wed, 6 Apr 2005 08:22:50 +0200 (CEST)
Message-id: <[🔎] 60828.84.129.234.54.1112768570.squirrel@webmail.kamp-dsl.de>
Reply-to: skolelinux@mauscircus.net
In-reply-to: <[🔎] 20050405142025.GA15260@timotheus.schuldei.org>
References: <[🔎] 20050405142025.GA15260@timotheus.schuldei.org>

<zitiere wer="Andreas Schuldei">
> I am working on the access control handling for user passwords (and other
> attributes)
>
> i am just now trying to come up with a generic algorythm to determine who is
> allowed to
> write to a user's ldap entry, depending on which authority groups he is in.
>
> right now we have theses authority groups by default: admins, jradmins,
> teachers and students
>
> the basic rule is simple:
> - if a person is in the admins group , no one can write to his
>   entry
> - if he is in jradmins, his entry is writeable by members of the
>   group admins and
> - if he is in student or teacher he is writeable by both admins
>   and jradmins.
>
> but we have authority_groups as a flexible thing. that means
> people can add new authority groups.
>
> question: what other authority groups are possible/likey? would
> they interfer with the above algorithm? what would be a good way
> to make this configurable by the local admin? (a config file in
> /etc/? how could that look like?)
>
>
> --
> To UNSUBSCRIBE, email to debian-edu-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Hi!
By having my teachers working with skolelinux since summer 2004, i can tell my
needs on wlus:

For wlus i need admin users to be able to do all the things now done by
root.(for now i'm forced to give away the root password, because i can't do
this part of administration alone.)
Jradmins in my understanding are students, so they've got to be able to change
the classes/courses of teachers and students. Eventually they can create new
Accounts for those authorities.(e.g. new students or teachers appear in the
during the year)
In my schools (classes 0-10) teachers _must_ be able to give a _new_ password
to the students _without_ knowing the old one. Now i've got to come to one of
3 PC-rooms on 2 schoolbuildings if someone forgot his one. It would be nice,
if they had a button 'generate password', so they don't have to deal with
password rules ;-) Also a teacher should be able to put a student to his
class/course or take him out. And - as i learned yesterday - he needs to
create new student-accounts sometimes.

readU

Frank

Reply to:

Follow-Ups:
- Re: other authority groups?
  - From: RalfGesellensetter <rgx@gmx.de>

References:
- other authority groups?
  - From: Andreas Schuldei <andreas@schuldei.org>

Prev by Date: Re: Weekly report week 13
Next by Date: Re: Weekly report week 13
Previous by thread: Re: other authority groups?
Next by thread: Re: other authority groups?
Index(es):
- Date
- Thread