RBAC: Limit Roles from Name Service (NIS/LDAP) to a servergroup
Hi out there - it is my first question in this community.....;-)
I do want to configure RBAC database files centralized on a NIS server.
Now I need roles, like shutdown for a certain usergroup on a limited group of servers, but all servers are in the same NIS domain.
What would be the best practice solution to reach this goal?
Currently we are discussing to configure at least 'user_attr' locally on each server, to avoid su - role on certain servers.
Our NIS server is still running Solaris 9, while all other servers are Solaris 10. It is also planned to migrate NS to LDAP in the next future.
I do want to configure RBAC database files centralized on a NIS server.
Now I need roles, like shutdown for a certain usergroup on a limited group of servers, but all servers are in the same NIS domain.
What would be the best practice solution to reach this goal?
Currently we are discussing to configure at least 'user_attr' locally on each server, to avoid su - role on certain servers.
Our NIS server is still running Solaris 9, while all other servers are Solaris 10. It is also planned to migrate NS to LDAP in the next future.
0