Date: Wed, 19 Feb 2020 12:38:57 +0000 From: Igor Mozolevsky <igor@hybrid-lab.co.uk> To: Anthony Pankov <ap00@mail.ru> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: is there a future for user accounting (getpw* replacement) Message-ID: <CADWvR2iHf8okb1AqERCMTD-m0Ksf=6qqLQK6Zz1HaOcQq%2BfcaA@mail.gmail.com> In-Reply-To: <77695285.20200219105817@mail.ru> References: <661730512.20200217141432@mail.ru> <CADWvR2hG_gWYK=HZsDf5XRR%2BHq2%2B9c-KeUP3Cj0H4ZQOzRpPyw@mail.gmail.com> <419974027.20200217155651@mail.ru> <CADWvR2iU4Ua%2B8hDwYHm8DeL2%2BL9Ywf6JyOGdnzx3QA6-HY-8LA@mail.gmail.com> <77695285.20200219105817@mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 Feb 2020 at 07:58, Anthony Pankov <ap00@mail.ru> wrote: <snip> > I think it is greatly depends of system appliance. If we speak > about *system* as of part of IT infrastructure that provides some > technical service then I fully agree. Excess users is disadvantage > and OS survival is equal to *system* survival. > > But if our deployment include applications human interact with > then *system* concept goes wider. In this case OS survival is not > equal to *system* survival. When users/orgs lost their data or facing > *system* malfunction they don't care that underlining OS did > survive and not compromised. I think that in wider *system* concept > idea to bring to OS fine tuned users accounting that will be shared between > applications have to be considered. Well, a user might care if another user steals the former's data in a misconfigured system by bypassing application admission control and going straight to the OS! Like I said before, by the sound of it, what you want is either RFC4422 (aka SASL), or PAM, if you really have to! Best, -- Igor M.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADWvR2iHf8okb1AqERCMTD-m0Ksf=6qqLQK6Zz1HaOcQq%2BfcaA>