Re: Plethora of gradebooks, grade change audit.

[thi <ttn@mingle.glug.org>]

Matt Wimer writes:

 > These are two differnet types of authentication.  Pam gives rights to
 > underprivileged processes while what we want is some way to restrict
 > the rights for a privliged user.
 > 
 > This can't be done effectivly.  At least i don't think there is any
 > real way to have even 99% security that way.

because these are two specific types of authentication, a general
authentication framework can be useful.  to use it, one could implement
multiple levels of authority, each granting less-authoritative levels
specified rights.  processes and users can be viewed synonymously.  i'll
go read up some more about PAM before asserting anything else...

thi