1,730,921 research outputs found
Improved Integration of SSSD and SUDO
The purpose of this thesis is to improve integration between SUDO and SSSD with a fo- cus on improved support of SUDO rules stored on an FreeIPA server in the native IPA SUDO scheme. It presents documentation of LDAP SUDO provider and also the design and implementation of a native IPA SUDO provider. The designed provider eliminates an unnecessary overhead of exporting SUDO rules from IPA SUDO schema to native LDAP SUDO scheme on an FreeIPA server
Improved Integration of SSSD and SUDO
The purpose of this thesis is to improve integration between SUDO and SSSD with a fo- cus on improved support of SUDO rules stored on an FreeIPA server in the native IPA SUDO scheme. It presents documentation of LDAP SUDO provider and also the design and implementation of a native IPA SUDO provider. The designed provider eliminates an unnecessary overhead of exporting SUDO rules from IPA SUDO schema to native LDAP SUDO scheme on an FreeIPA server
Recommended from our members
Vsys: A Programmable sudo
We present Vsys, a mechanism for restricting access to privileged operations, much like the popular sudo tool on UNIX. Unlike sudo, Vsys allows privileges to be constrained using general-purpose programming lan- guages and facilitates composing multiple system ser- vices into powerful abstractions for isolation. In use for over three years on PlanetLab, Vsys has enabled over 100 researchers to create private overlay networks, user- level file systems, virtual switches, and TCP-variants that function safely and without interference. Vsys has also been used by applications such as whole-system monitoring in a VM. We describe the design of Vsys and discuss our experiences and lessons learned
Recommended from our members
Authentication on Untrusted Remote Hosts with Public-key Sudo
Two common tools in Linux- and UNIX-based environments are SSH for secure communications and sudo for performing administrative tasks. These are independent programs with substantially different purposes, but they are often used in conjunction. In this paper, we describe a weakness in their interaction and present our solution, public-key sudo. Public-key sudo1 is an extension to the sudo authentication mechanism which allows for public key authentication using the SSH public key framework. We describe our implementation of a BSD SSH authentication module and the SSH modifications required to use this module
Japanese Style: Sustaining Design - Reiko Sudo
The article reviews the exhibit Japanese Style: Sustaining Design by Reiko Sudo at the Ruthin Craft Centre
The SUDO Framework: For Data Organization And Efficient Query Authorization For NoSQL Databases
Due to the variety of NoSQL databases and database models, along with their schemaless nature, it has been a challenge to develop a framework that can enforce fine-grained access control policies and can be applicable to multiple NoSQL databases ranging over a variety of database models. In this thesis we present SUDO: Semi- / Unstructured Data Organization Framework for defining pseudo-dynamic schemata. The SUDO framework is comprised of four main features. i) SUDO is designed to be applicable to multiple NoSQL database technologies and models. ii) SUDO operates between the database and the application layer. iii) SUDO provides the tools for defining a pseudo-dynamic schema for databases with semi-structured or unstructured data. The pseudo-dynamic schema is based on Description Logic ontology. iv) SUDO provides the tools for validating database queries against that pseudo-dynamic schema and weaving queries and access control policies to simultaneously evaluate and authorize the query results.We present the SUDO framework in three parts. First, we present AReBAC, an attribute-supporting ReBAC model for Neo4j, a graph database. AReBAC focuses on weaving queries and policies for efficient authorization. AReBAC is also accompanied by GP-Eval, a query evaluation algorithm that surprisingly performs orders of magnitudes faster than the Cypher query evaluation engine provided by Neo4j, and introduces a new constraint satisfaction programming technique that we dubbed Live-End Backjumping. Next, we present SUDO as a framework for MongoDB, a document-based database. At this stage we focus on defining a pseudo-dynamic schema for a MongoDB state, and validating database queries against the pseudo-dynamic schema. Finally, we further extend SUDO by presenting a set of relations between queries and polices required to weave the two together and form a query that simultaneously evaluates and authorizes the query results. We also present a set of tests to verify if a query and a policy are compatible with each other, and identify the reason for incompatibility (if any). We then generalize SUDO so that it is not only specific to MongoDB, by presenting AReBAC as an extension of SUDO, and applying SUDO to Cassandra, a wide-column database
- …
