Would LDAP be a candidate for this...pointing the policy lookup to directories?

> -----Original Message-----
> From: owner-selinux@tycho.nsa.gov
> [mailto:owner-selinux@tycho.nsa.gov]On
> Behalf Of Westerman, Mark
> Sent: Tuesday, January 15, 2002 8:22 AM
> To: selinux@tycho.nsa.gov
> Cc: 'sds@tislabs.com'
> Subject: General Users
>
>
> The current implementation of SELinux requires each user to
> be listed in the
> user policy file
> and the default_context. This is great for single purpose server and
> workstation machines.
> I am currently look at a project that will require hundreds
> of machines and
> thousands of users. The user name and password are propagated
> thru NIS. With
>
> the current implement of SELinux this makes the management of
> the machines
> non-workable. Requires to much system administration. User
> are added and
> removed on a regular basis. We cannot rebuild a policy file
> for each machine
> for the
> addition or removal of a user.
>
>
> What would be the best way to modify the current implement to create a
> standard
> user. I was thinking of setting up a standard user for the
> user policy file
> and
> for the default context in the /etc/security (cron and default). I am
> looking at modifying
> the libsecure to look at the user, if the user is not found in the
> default_context file
> then assign him the standard user context.
>
>
> Any suggestions would be great.
>
>
> Mark Westerman
>
> --
> You have received this message because you are subscribed to
> the selinux list.
> If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.