Subject: Grouper Users - Open Discussion List
- From: Jim Fox <>
- To: "Michael R. Gettes" <>
- Cc: "" <>
- Subject: Re: [grouper-users] host subjects anyone?
- Date: Mon, 14 Oct 2013 14:44:24 -0700 (PDT)
Has anyone used group to manage groups of hosts and to link people/groups of
people to hosts?
We do a couple of things like that.
1) We allow DNS names as subjects.
The subject database is automatically populated whenever we get
a subject that looks like a dns name and can be resolved to a ip
address. These subjects are then treated like any other, and can
be members or admins of a group. Our groups web service allows a
client to connect with a certificate. The CN from that certificate
is used to identify the subject.
2) We also use groups to augment our database of DNS 'ownership'.
We have a service that tells whether or not a netid (our generid user id)
has control of a DNS name. To add outside users to that,
for some services only, we define a group, e.g.
Members of that group are also considered to be the dns's 'owners'.
This way we can allow, say,
to manage resources
for the domain, 'some.dns.uw.edu'.
- [grouper-users] host subjects anyone?, Michael R. Gettes, 10/14/2013
Archive powered by MHonArc 2.6.16.