[OpenAFS] Re: "vos dump" authorization based on "bos adduser"?
Derrick J Brashear
Thu, 7 Jun 2007 23:19:14 -0400 (EDT)
On Thu, 7 Jun 2007, Adam Megacz wrote:
> Derrick J Brashear <firstname.lastname@example.org> writes:
>>>>> Actually, now that I think about it, if all the ptserver instances are
>>>>> down, how would an admin be able to aklog (in order to run bos commands)?
>>>> -localauth. (but aklog doesn't *require* ptserver; see afslog)
>>> But localauth doesn't even require the "bos adduser" list...
>>> I guess I'm just wondering if the bos userlist can be eliminated and
>>> bosserver/volserver can use system:administrators instead. I'll write
>>> up a patch adding an option for this unless there's some reason why
>>> this is a Very Bad Idea.
>> bosserver can't depend on ptserver..
> I think we're going in circles here... didn't you indicate above that
> "-localauth" should be used in situations where bosserver must be used
> without any running ptservers?
That's bos. i said "bosserver can't depend on ptserver".
Your mind is going in circles, my explanation is not.
How does the bosserver decide you're eligible if there's no ptserver?
Well, it times out and then just allows localauth. Timeout. Ick.