[tac_plus] Re: Redesign? (Was: Different privs for different devices?)

Paul Floyd shadrack at rocketmail.com
Mon Jul 5 21:49:24 UTC 2010


> IMHO using a relational database would be the most elegant
> solution to store user attributes.
> In this case arbitrary complex conditionals might be composed.
> E.g. "user 'bill' will get level 15 privileges in worktime
> logging in on the console port of certain 3 NAS-es but
> level 1 in other cases".

I'm probably missing something obvious, but is there a reason you couldn't
accomplish the same thing by allowing a user to be a member of two independent
groups? Obviously tac_plus would have to be modified to allow that, but that
sounds to me like it would be a lot easier than rewriting the whole backend to
use an RDB.


      

