Proposition for new remctl ACL scheme / group support
Remi Ferrand
remi.ferrand at cc.in2p3.fr
Sun Apr 6 05:14:19 EDT 2014
Le 05/04/2014 21:34, Russ Allbery a écrit :
> This is pretty much where people talk about remctl. I can create a new
> mailing list if the traffic gets too annoying for other Kerberos folks,
> but I kind of like having a broader audience as long as others don't mind.
>
> Remi FERRAND <remi.ferrand at cc.in2p3.fr> writes:
>
>> We were unable to find a simple way to do this with the current remctl
>> ACL methods, that's why we've submited a first patch
>> (https://github.com/rra/remctl/pull/1). This patch introduces a new ACL
>> method named "unxgrp" and is still not merged in master. It was an easy
>> (and fast to write) answer to our problematic.
> Oh, I forgot to comment on one thing: would it cause you a bunch of
> problems if I renamed that ACL to "localgroup"? I try to avoid cryptic
> abbreviations if possible, and I think it's worth emphasizing that this is
> a group based on the local version of the principal. (Although I could
> probably be talked into "unixgroup".)
No problem at all, feel free to change the ACL scheme name.
From my point of view "unixgroup" is more suited in this very case as
"localgroup" could be confusing for people that would like to use some
other "groups" backends (non local ones) also supported by libnss such
as LDAP; but I agree with your "local" argument that explicits the
"principal" to "local version" translation.
I would say that as long as the documentation (man page) is explicit
enough (I should have written some more maybe), whatever the name is,
users will understand what they could use this ACL scheme for.
> Other than that, I'm hoping to merge that soon. Thank you for your work!
Perfect, thank you for that, and more personnaly I'd like to thank you
for you work on the whole remctl project.
In daily tasks, it's just a real pleasure to work with your software,
and it was actually the same pleasure for me to dig into the source code
and extand it :-)
Cheers
Rémi
---
Ce courrier électronique ne contient aucun virus ou logiciel malveillant parce que la protection avast! Antivirus est active.
http://www.avast.com
More information about the Kerberos
mailing list