[OpenAFS] Re: AFS version of sudo for admin ?

omalleys@msu.edu omalleys@msu.edu
Fri, 17 Dec 2010 15:35:07 -0500


We had a program we called afs-sudo. I don't know the origin, but I
don't think it was passwordless.

It appears there might be afs support in sudo already.
http://www.sfr-fresh.com/unix/misc/sudo-1.7.4p4.tar.gz:a/sudo-1.7.4p4/auth/afs.c


Quoting Andrew Deason <adeason@sinenomine.net>:

> On Fri, 17 Dec 2010 16:35:38 +0100
> Anders Magnusson <ragge@ltu.se> wrote:
>
>> > This doesn't require you to enter a password for a release, though,
>> > which I assumed John wanted (it might help to say which specific
>> > aspects of 'sudo' you're looking for). That is, you can still 'kinit
>> > foo/admin' and walk away and someone else can vos whatever.
>>
>> Eh, how?  You lose your pag when kinit exits, so no credentials
>> left...?
>
> As long as you're using that script. Nothing prevents you from acquiring
> admin credentials manually and then doing whatever you want.
>
> I'm also assuming he wants to restrict the user to a certain subset of
> operations, or to be able to release a certain subset of volumes (like
> Russ' afs-backend scripts). You can't just give someone an admin
> principal for that.
>
> --
> Andrew Deason
> adeason@sinenomine.net