This class encapsulates an N-eyes based authorization method, which means that connections are authorized if other administrators authenticate themselves within the defined timelimits.
When NEyesAuthorization
is used, the client trying to access
the service has to be authorized by another (already authorized) client (this
authorization chain can be expanded to multiple levels).
NEyesAuthorization
can only be used in conjunction with another
NEyesAuthorization
policy. One of them is the
authorizer set to authorize the authorized
policy.
In a simple 4-eyes scenario the authorizer policy points to the
authorized policy in its Authorization policy
parameter, and has
its wait_authorization
parameter
disabled. The authorized policy has an empty
Authorization policy
parameter (meaning that it is at lower the
end of an N-eyes chain), and has its wait_authorization
parameter enabled, meaning that it has to be authorized by another
policy.
For examples on using the NEyesAuthorization class, see the Proxying secure channels - SSH tutorial available from the BalsSys Documentation Page at http://www.docs.balasys.hu/.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu