[OpenAFS] Re: AFS version of sudo for admin ?
Fri, 17 Dec 2010 09:39:46 -0600
On Fri, 17 Dec 2010 16:35:38 +0100
Anders Magnusson <email@example.com> wrote:
> > This doesn't require you to enter a password for a release, though,
> > which I assumed John wanted (it might help to say which specific
> > aspects of 'sudo' you're looking for). That is, you can still 'kinit
> > foo/admin' and walk away and someone else can vos whatever.
> Eh, how? You lose your pag when kinit exits, so no credentials
As long as you're using that script. Nothing prevents you from acquiring
admin credentials manually and then doing whatever you want.
I'm also assuming he wants to restrict the user to a certain subset of
operations, or to be able to release a certain subset of volumes (like
Russ' afs-backend scripts). You can't just give someone an admin
principal for that.