[rsbac] rsbac + ldap/samba
jochem_ippers at email.de
jochem_ippers at email.de
Thu Jan 12 15:56:25 CET 2006
> > We still have no real solution for both RSBAC and SELinux w.r.t.
> Samba.
>
> Would you be willing to help, if someone tried to create such a
> solution? We already have ang-st creating RSBAC modules for apache,
> he might be interested.
>
> AFAIU, the RSBAC ACL module provides a superset of Windows Network
> ACLs (if not, we can extend it), so it should be possible to have
> full Windows managed ACLs on Samba with it.
So, as far as i understand it: apart from the missing setuid check of the (turned off?) AUTH module everyhing else should work by using ldap as authentication mechanism? It's no problem for us if the users can't set any rights on their windows clients, only WE set them ;-) and working rsbac ACLs on the unix filesystem layer would be perfect for a samba server/netware substitute, much better than working with 'setr-/getacl'. And there would still be a lot of possibilities with the other rsbac modules. So the whole system would be much better than a standard Samba+ldap+posix-ACLs combination...
Thanks for the fast answers.
Greetings
Jochem
>
> Amon.
> --
> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
More information about the rsbac
mailing list