On Tue, 30 Oct 2012 11:33:22 -0400, Francois Labreque wrote:

>> BTW, some commercial Unixes like HP-UX do provide proper ACLs (they
>> even use that very term for the feature).
>>
>>
> And recen versions of Novell's NDS are exactly that too.

Well, Novell's product (actually, NetIQ's product now - since they were 
acquired by Attachmate last May and the identity products have mostly 
shifted to the NetIQ business unit) is eDirectory, and it doesn't do 
filesystem permissions - it manages the identities used in filesystem 
permission entries in the directory entry tables in NSS and TFS volumes.

I wonder, though, how difficult it would be to use eDir identities as 
part of *nix ACLs - probably not hard, just need the RFC2307 (IIRC) 
extensions installed to map uid/gid to the OS, and integrate pam 
authentication with the LDAP server. :)

Jim

Post a reply to this message