Feature #2323

Better method for authenticating samadmin commands

Added by Robert Illingworth almost 8 years ago. Updated almost 7 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Target version: -
Start date: 12/16/2011
Due date:
% Done: 0%
Estimated time:
Duration:

Description

[Originally JIRA SAMDEV-64]

The current method for authenticating samadmin commands is not very secure and won't work with Kerberos authentication of database accounts.

omniORB supports CORBA over SSL, so one option would be to require this for admin commands. We already have certificate subjects mapping to SAM users in the DB; we would require a new table listing which SAM users are allowed to run admin commands. The DB server would then have to confirm that the provided subject belonged to a user on the permitted list before running commands.
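A sketch of the server-side check proposed above, added here as an example and not taken from the ticket or from SAM's code. The schema, table names, sample subjects and function names are hypothetical, and the subject is assumed to come from the verified SSL peer certificate, never from a client-supplied argument.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions, not SAM's.
SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE cert_subjects (subject TEXT PRIMARY KEY,
                            user_id INTEGER NOT NULL REFERENCES users(user_id));
CREATE TABLE admin_users (user_id INTEGER PRIMARY KEY REFERENCES users(user_id));
"""

def build_sample_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    db.executemany("INSERT INTO cert_subjects VALUES (?, ?)", [
        ("/DC=org/DC=example/OU=People/CN=Alice Admin", 1),
        ("/DC=org/DC=example/OU=People/CN=Bob User", 2),
    ])
    db.execute("INSERT INTO admin_users VALUES (1)")  # only alice may run admin commands
    return db

def authorize_admin(db, peer_subject):
    """Return the SAM username if the subject maps to a permitted admin, else None."""
    if not peer_subject:          # no client certificate presented: deny
        return None
    row = db.execute(
        "SELECT u.username FROM cert_subjects s"
        " JOIN users u ON u.user_id = s.user_id"
        " JOIN admin_users a ON a.user_id = u.user_id"
        " WHERE s.subject = ?",   # exact, case-sensitive match; bound parameter
        (peer_subject,),
    ).fetchone()
    return row[0] if row else None

def run_admin_command(db, peer_subject, command):
    """Refuse the command unless the certificate subject is on the admin list."""
    user = authorize_admin(db, peer_subject)
    if user is None:
        raise PermissionError("subject not permitted to run admin commands")
    return f"{user} ran {command}"

if __name__ == "__main__":
    db = build_sample_db()
    print(run_admin_command(db, "/DC=org/DC=example/OU=People/CN=Alice Admin", "status"))
```

A known user who is not on the admin list, an unknown subject, a subject differing only in case, and a missing certificate are all denied by the same default-deny path.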

History

#1 Updated by Robert Illingworth almost 7 years ago

  • Status changed from New to Rejected

Probably won't fix this. SAMWeb does authentication and authorization better.


