[OpenAFS] Features great and small

Derrick J Brashear shadow@dementia.org
Mon, 30 Jul 2001 11:56:26 -0400 (EDT)


On Mon, 30 Jul 2001, Charles Karney wrote:

> * kas should take the password from the terminal not from stdin, this would
>   allow
> 
>     kas -admin admin < file
>     Administrator's (admin) Password:
> 
>   to be used to issue multiple kas commands safely.  Currently it uses the
>   first line in the file as the password!  For obvious reasons I don't want
>   to use
> 
>     kas -admin admin -password xxxx

given that people may script it the other way we have to be careful about
this change as it is in fact an incompatiblity (though perhaps a
desireable one)

>      kas create ... -copy_password admin
> 
>   to allow the password to be copied from the administrator's account so
>   that the adminitstrator and the user can jointly use kpasswd to update
>   the password at a later time.

if it's a joint operation, why can't the admin just run kas change for the
user to change it later?

> * uss has an unnecessary eight-character limit on user names.  I only know
>   about this for the Transarc version.  In fact, I find the whole uss
>   mechanism to be rather clumsy, and have since started using my own scripts
>   to set up accounts.

ours is unchanged

> * The default password for "uss add" should be disabled, not the string
>   "changeme".  (What were the coders of uss thinking about?)

the internet was a different place when AFS was designed

> * It's frequently necessary to change the ACL on a whole directory tree and
> 
>     find . -noleaf -type d -print0 | xargs -0r fs sa -acl NEWACL -dir
> 
>   is rather a mouthful.  How about
> 
>     fs setacl -dir dir+ -acl acl+ -recursive [-onevolume]

is
ws dirpath -d "fs sa %f system:anyuser rl someuser write"
reasonable? i should see what the license on ws (walk subtree) is