On 3/2/2011 2:02 PM, Randall Hansen wrote:
> Good people ~
>
> Role-based access will be one of the next big features in Dashboard.  If this
> is something that would help you, will you tell me the minimum features that
> you would consider useful?  That is, the features without which RBAC would be
> useless to you.

One general feature I've missed in other RBAC-style systems is the ability to use external authentication either with or without external authorization. The reason is that centralized password management may or may not fall in the same organizational unit as management of a particular Puppet server.

So for example, let's say that Dashboard is configured to use LDAP auth. In a place where all of IT is one big happy family, the same LDAP server might also return a list of roles to assign to a given user.

In a more fragmented organization, however, whoever runs the central LDAP server may be unable or unwilling to delegate out control of the Dashboard role attributes to the puppet administrators, or possibly even to create the attributes in the first place. In this scenario, it would be far more useful to simply use LDAP to verify usernames and passwords, and then consult internal records to assign a list of roles.

Not that I've pounded my head against products that didn't support this kind of split, or anything.

--
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC
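
The split described in the message above, as an added sketch that is not part of the original post and is not Puppet Dashboard code: the directory only verifies the password, and a configuration switch decides whether roles come from directory attributes or from local records. `FakeDirectory`, `RoleResolver`, the role names and the sample users are all hypothetical, and the in-memory directory is a constructed stand-in for a real LDAP bind.

```ruby
require 'digest'

# Constructed in-memory stand-in for the LDAP server so the example runs offline.
class FakeDirectory
  def initialize(entries)
    @entries = entries
  end

  # Stands in for an LDAP bind; empty passwords are refused outright.
  def bind?(user, password)
    entry = @entries[user]
    return false if entry.nil? || password.to_s.empty?
    entry[:sha256] == Digest::SHA256.hexdigest(password)
  end

  # Role attributes the directory administrators chose to publish, if any.
  def role_attributes(user)
    @entries.dig(user, :roles)
  end
end

class RoleResolver
  KNOWN_ROLES = %w[admin operator viewer].freeze # hypothetical role names

  # role_source :directory -> roles come from LDAP attributes
  # role_source :local     -> LDAP only checks the password; roles are local records
  def initialize(directory:, role_source:, local_roles: {})
    raise ArgumentError, 'unknown role_source' unless %i[directory local].include?(role_source)
    @directory = directory
    @role_source = role_source
    @local_roles = local_roles
  end

  # Returns the list of roles, or nil when authentication fails.
  def login(user, password)
    return nil unless @directory.bind?(user, password)
    roles = @role_source == :directory ? @directory.role_attributes(user) : @local_roles[user]
    # Deny by default: no role record means no roles, and unknown names are dropped.
    Array(roles) & KNOWN_ROLES
  end
end

# Constructed sample data.
DIRECTORY = FakeDirectory.new({
  'alice' => { sha256: Digest::SHA256.hexdigest('alice-pw'), roles: ['admin'] },
  'bob'   => { sha256: Digest::SHA256.hexdigest('bob-pw'), roles: nil }
})
LOCAL_ROLES = { 'alice' => ['viewer'], 'carol' => ['admin'] }.freeze
```

In `:local` mode the directory's `admin` attribute for `alice` is ignored and she receives only the locally recorded `viewer` role, while `carol`, who has a local record but no directory account, cannot log in at all.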
