jarl van katwijk wrote: > > We needed those to authorize DL's to login. Now this is where my problem > begins: who should be able to grant others access? > > So we need some form of access level in the vsh system, how do we > organize them? I copied a 'root' system like unix uses, so only the 1th DL > can authorize others. But maybe we do need a more sophisticated system, > something that not only allows DL's access, but also grants them the ability > to grant access to others. I haven't thought about this at all. I'm not a security expert, but wouldn't 'passable access/authentication' be opening up a pandora's box? You'll never know who has access to your system. I think another thing to consider is whether or not a mere user can grant access. Perhaps only the system administrator should be allowed to do this. This is the opposite extreme of Jarl's proposal. Thoughts? Jeff -- +----------------------------------+ | J.W. Bizzaro | | | | http://bioinformatics.org/~jeff/ | | | | BIOINFORMATICS.ORG | | The Open Lab | | | | http://bioinformatics.org/ | +----------------------------------+