> We decided to back away from trying to provide central RBAC. Our > experience with multiple projects revealed that there is no one size fits all > solution regarding > RBAC. But we were talking about geral Role > base access control model not specific RBAC as Solaris implemented it. The > Solaris RBAC is similar > to sudo and HBAC combined together. Both features are managed by IPA. We also > have SELinux policies > on Linux that can constrain the root access. The user SELinux roles > management is on the roadmap > but HBAC + SUDO should give you the equivalent if not more functionality than > Solaris RBAC.
It's a false statement that Solaris RBAC is like sudo and HBAC combined. There so much more options in the Solaris RBAC when it comes to such as limiting/granting cpu/memory resources, OS privileges, based on a group, a project, a user, a service, etc. Besides, RBAC comes with Solaris, sudo need to be installed. And as I understand it, SSSD is required to installed on Solaris to implement the HBAC rules from IPA? Rgds, Siggi _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
