Proposition for new remctl ACL scheme / group support
Remi Ferrand
remi.ferrand at cc.in2p3.fr
Tue Apr 8 11:23:49 EDT 2014
Hi,
Yesterday, I just did a version that does what we want and I've
completed integration with autotools as well.
I've identified and tested two main ways to integrate PTS group
membership lookup in remctl:
* By using *pr_IsAMemberOf()* (1)
* By manually comparing username to group members retrieved with
*pr_IDListExpandedMembers()* (2)
Both methods I used were detailed in [1] and identified as
remctl_acl_check_pts_with_pr_IsAMemberOf.c (1) and
remctl_acl_check_pts_without_pr_IsAMemberOf.c (2).
They're basically just hacks of OpenAFS source code.
Before going further I'd like to know If you have any comments or
remarks regarding the implementation choices I've made.
Thanks
Cheers
[1] https://gist.github.com/riton/f56329252e885275aa5e
--
Remi Ferrand | Institut National de Physique Nucleaire
Tel. +33(0)4.78.93.08.80 | et de Physique des Particules
Fax. +33(0)4.72.69.41.70 | Centre de Calcul - http://cc.in2p3.fr/
More information about the Kerberos
mailing list