Subject: Re: tty_login, tty_logout (was: pcvt and TIOCCONS)
To: David Carrel <carrel@cisco.com>
From: Chris G Demetriou <Chris_G_Demetriou@UX2.SP.CS.CMU.EDU>
List: current-users
Date: 04/19/1996 15:23:52
> This whole thread is basically one of designing
> a versatile authorization engine for login.

It's not at all clear that most of the people involved in the thread
_want_ a 'general' authorization engine...  They simply want a
versatile means of changing ownership of devices (and doing related
actions) at login and logout time.

It doesn't seem unreasonable to me, to decompose the authorization
question into two questions:

	Should the user have any access to the system at all
		(at this time of day, via this tty, etc.)?

and, after that has been established affirmatively:

	What actions should be taken on login or logout to
		be sure that the appropriate access has
		been granted?


These proposals are trying to solve the latter problem, not the
former.  There probably should be a way to answer the former question,
but in my opinion it should be independent of the answer to the
latter.  I can easily see many people trying to set up scripts to answer
the latter question... but relatively few trying to answer the former.

Yes, the answers to the two questions can be related (e.g. "bob
should be allowed access to the system from 10AM to 10PM every day,
but allowed access to the tape drive only if he logs in after 5PM on
weekends"), but it's _still_ not clear to me that there's a need to
add the complexity necessary to solve them both at the same time.

There's also the question of error handling...  for instance, an error
in the login scripts granting access to certain devices isn't a big
problem; you could just syslog about it and let the user log in.
However, an error in the script/program/whatever determining _if_ a
user can log in at a given time _is_ a big problem, i.e. if that
script fails, fail safe is "don't let anybody log in."  It seems that
from an error handling and complexity standpoint alone, you could very
well want the two mechanisms to be separate.


cgd
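
The split argued for in the message above, as an added sketch that is not part of the original post or of any NetBSD code: the access check fails closed, while login-time actions log their errors and let the login proceed. All function names and the sample policy and action commands are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added illustration; every function name here is hypothetical.
# A real login would send these messages to syslog; stderr stands in here.
log() { echo "login: $*" >&2; }

# Question 1: may this user log in at all? Fail closed: only an explicit
# exit status 0 from the policy command grants access. A crash, a missing
# command (status 127) or any other error is treated as "deny".
access_allowed() {   # $1 = policy command, $2 = user, $3 = tty
    if "$1" "$2" "$3" >/dev/null 2>&1; then
        return 0
    fi
    log "access policy '$1' did not approve $2 on $3; refusing login"
    return 1
}

# Question 2: which actions run at login? Fail open: a failed action is
# logged and counted, but the login still proceeds.
run_login_actions() {   # $1 = user, $2 = tty, remaining args = action commands
    user=$1; tty=$2; shift 2
    ACTION_FAILURES=0
    for action in "$@"; do
        if ! "$action" "$user" "$tty" >/dev/null 2>&1; then
            log "login action '$action' failed for $user on $tty; continuing"
            ACTION_FAILURES=$((ACTION_FAILURES + 1))
        fi
    done
    return 0
}

login_flow() {   # $1 = policy, $2 = user, $3 = tty, remaining args = actions
    policy=$1; shift
    access_allowed "$policy" "$1" "$2" || return 1
    run_login_actions "$@"
}

# Constructed stand-ins for site policy and device-ownership actions.
policy_ok()     { return 0; }
policy_broken() { return 2; }   # simulates a policy script that errors out
grant_console() { return 0; }
grant_tape()    { return 1; }   # simulates a failed chown on the tape device

login_flow policy_ok bob ttyv0 grant_console grant_tape \
    && echo "bob logged in, $ACTION_FAILURES action(s) failed"
login_flow policy_broken bob ttyv0 grant_console \
    || echo "bob refused: policy error fails closed"
```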