is there a future for user accounting (getpw* replacement)
Igor Mozolevsky
igor at hybrid-lab.co.uk
Wed Feb 19 12:39:36 UTC 2020
On Wed, 19 Feb 2020 at 07:58, Anthony Pankov <ap00 at mail.ru> wrote:
<snip>
> I think it is greatly depends of system appliance. If we speak
> about *system* as of part of IT infrastructure that provides some
> technical service then I fully agree. Excess users is disadvantage
> and OS survival is equal to *system* survival.
>
> But if our deployment include applications human interact with
> then *system* concept goes wider. In this case OS survival is not
> equal to *system* survival. When users/orgs lost their data or facing
> *system* malfunction they don't care that underlining OS did
> survive and not compromised. I think that in wider *system* concept
> idea to bring to OS fine tuned users accounting that will be shared between
> applications have to be considered.
Well, a user might care if another user steals the former's data in a
misconfigured system by bypassing application admission control and
going straight to the OS! Like I said before, by the sound of it, what
you want is either RFC4422 (aka SASL), or PAM, if you really have to!
Best,
--
Igor M.
More information about the freebsd-hackers
mailing list