clarify how LDAP works correctly
authored by anarcat
...@@ -24,7 +24,8 @@ There are multiple possible access levels, often conflated: ...@@ -24,7 +24,8 @@ There are multiple possible access levels, often conflated:
runs as root everywhere runs as root everywhere
4. LDAP admin: a user member of the `adm` group in LDAP also gets 4. LDAP admin: a user member of the `adm` group in LDAP also gets
access everywhere through `sudo`, but also through being able to access everywhere through `sudo`, but also through being able to
impersonate or modify other users in LDAP impersonate or modify other users in LDAP (although that requires
shell access to the LDAP server, which normally requires root)
5. password manager access: a user's OpenPGP encryption key is added 5. password manager access: a user's OpenPGP encryption key is added
to the `tor-passwords.git` repository, which grants access to to the `tor-passwords.git` repository, which grants access to
various administrative sites, root passwords and cryptographic various administrative sites, root passwords and cryptographic
... ...
......
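Review bot: The parenthetical added to item 4 leaves it unclear whether an `adm` member can in practice impersonate or modify other users. The item says `adm` membership grants access everywhere through `sudo`, and the new text says changing other users needs shell access to the LDAP server, "which normally requires root". If `sudo` everywhere includes the LDAP server, the member already holds that root and the caveat restricts nothing; if it does not, the item should say so. Suggest stating explicitly whether the `adm` group's `sudo` covers the LDAP server host, and replacing "normally" with the cases where shell access is granted without root, since this list exists to separate access levels that are often conflated.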