[OpenAFS] pts groups -> unix groups

[Stephen Joyce]

I'm installing a new workstation for a group of my users and it has a large 
direct attached raid... I'd rather they store their data in AFS, but the 
quantity of data and their required transfer rates dictate the DAS, so I 
agree with their decision.

Anyway, to control access to their data, they're going to want unix groups 
with similar levels of granularity and end-user configurability that 
they're used to with AFS PTS groups.

Does anyone have a solution to use AFS PTS group memberships for unix 
groups? My first impulse was to regenerate /etc/group periodically with 
userlists obtained from PTS group memberships. Has anyone written such a 
script already?

It actually seems that there should be an easier solution. Is there a way 
to use PTS groups from nsswitch.conf directly?

This seems like a problem that someone has likely solved before, so I 
wanted to ask before re-solving it. (Actually, it'd be nice if I could 
store the groups in ldap and have both AFS and unix be able to use them.)

Cheers, Stephen
--
Stephen Joyce
Systems Administrator                                            P A N I C
Physics & Astronomy Department                         Physics & Astronomy
University of North Carolina at Chapel Hill         Network Infrastructure
voice: (919) 962-7214                                        and Computing
fax: (919) 962-0480                               http://www.panic.unc.edu