[OpenAFS] Re: AFS version of sudo for admin ?
Andrew Deason
adeason@sinenomine.net
Fri, 17 Dec 2010 09:39:46 -0600
On Fri, 17 Dec 2010 16:35:38 +0100
Anders Magnusson <ragge@ltu.se> wrote:
> > This doesn't require you to enter a password for a release, though,
> > which I assumed John wanted (it might help to say which specific
> > aspects of 'sudo' you're looking for). That is, you can still 'kinit
> > foo/admin' and walk away and someone else can vos whatever.
>
> Eh, how? You loses your pag when kinit exits, so no credentials
> left...?
As long as you're using that script. Nothing prevents you from acquiring
admin credentials manually and then doing whatever you want.
I'm also assuming he wants to restrict the user to a certain subset of
operations, or to be able to release a certain subset of volumes (like
Russ' afs-backend scripts). You can't just give someone an admin
principal for that.
--
Andrew Deason
adeason@sinenomine.net