Proposition for new remctl ACL scheme / group support
Jeffrey Altman
jaltman at secure-endpoints.com
Sat Apr 5 19:44:55 EDT 2014
On 4/5/2014 11:02 AM, Remi FERRAND wrote:
> As we were writing this peace of code we thought that at CC-IN2P3 we are using OpenAFS.
> AFS brings a PTS DB that could be used as a convenient way to distribute groups.
>
> For instance with the PTS group above:
>
>>>> % pts mem remctl:testgrp -expand
>>>> Expanded Members of remctl:testgrp (id: -6556) are:
>>>> user1
>>>> user2
>
> we could be able to use the following ACL in remctl configuration file:
>
>>>> pts_group:remctl:testgrp
>
> to allow user1 and user2 to execute a command.
>
>
> Before any further development, we'd like to know if someone could be interested in that feature ?
> Does someone think that we absolutely shouldn't do that ?
> If so we'll talk later of the implementation.
I think there would be a lot of interest for this in the OpenAFS
community.
Jeffrey Altman
More information about the Kerberos
mailing list