[OpenAFS] "vos dump" authorization based on "bos adduser"?

[Ken Hornstein]

>However, it seems that the volserver bases "vos dump" permission on
>whether or not a user's key is in the "bos adduser" list rather than
>whether or not they are in system:administrators.  Is there a reason
>for this?

I always assumed that was because the volserver doesn't normally need to
talk to the ptserver to look up group membership, so they didn't want
to add a ptserver dependency to the volserver.

>Actually, now that I think about it, if all the ptserver instances are
>down, how would an admin be able to aklog (in order to run bos commands)?

You don't actually need the ptserver up to run aklog (check out the
-noprdb flag).

--Ken