ACL for a network device

Question

Hi,

I need to implement ACL based authentication mechanism for a device. This device can be accessed through various interfaces like web pages, TL1 (basically through some command prompt) etc.

I need to keep ACL logic centralized so that request from any interface can be authenticated.

ACL logic would basically check whether the logged in user can perform the operation he is trying to perform. For this I will create groups and add users to these groups. Each group would maintain list of operation allowed under that particular group.

Can someone suggest be the best way to implement this?

Is there any existing software/tool that allows me to achieve this? Any open source project?

I am a C/C++ programmer and a newbie to the ACL concept. Above mentioned module is to be developed for Linux OS. Web interface will be in CGI.

Thanks in advance.

Answer 1

Thanks for the reply and sorry for not being clear.

The device is basically a optical switch which can also support a range of physical layer optical devices. Device will have several cards to which I can attach various peripherals.

I need ACL to control the user access to these peripherals like user U1 can perform operations on peripheral P1 but not on P2. Operation can be anything like acknowledging the alarm raised by P1 or upgrading the firmware of P1 or viewing logs generated by P1. I would also need to have access control over various operations user can perform on one peripheral.

I am assuming ACL is not just used for controlling the access level of file system.

Please let me know if you need more information.

Thanks.