[OpenAFS] Re: AFS version of sudo for admin ?
Fri, 17 Dec 2010 15:35:07 -0500
We had a program we called afs-sudo. I don't know the origin. but I
don't think it was passwordless.
It appears there might be afs support in sudo already.
Quoting Andrew Deason <email@example.com>:
> On Fri, 17 Dec 2010 16:35:38 +0100
> Anders Magnusson <firstname.lastname@example.org> wrote:
>> > This doesn't require you to enter a password for a release, though,
>> > which I assumed John wanted (it might help to say which specific
>> > aspects of 'sudo' you're looking for). That is, you can still 'kinit
>> > foo/admin' and walk away and someone else can vos whatever.
>> Eh, how? You loses your pag when kinit exits, so no credentials
> As long as you're using that script. Nothing prevents you from acquiring
> admin credentials manually and then doing whatever you want.
> I'm also assuming he wants to restrict the user to a certain subset of
> operations, or to be able to release a certain subset of volumes (like
> Russ' afs-backend scripts). You can't just give someone an admin
> principal for that.
> Andrew Deason
> OpenAFS-info mailing list
"The information in this email, and attachment(s) thereto, is strictly
confidential and may be legally privileged. It is intended solely for
the named recipient(s), and access to this e-mail, or any
attachment(s) thereto, by anyone else is unauthorized. Violations
hereof may result in legal actions. Any attachment(s) to this e-mail
have been checked for viruses, but please rely on your own
virus-checker and procedures. If you contact us by e-mail, we will
store your name and address to facilitate communications in the matter
concerned. If you do not consent to us storing your name and address
for above stated purpose, please notify the sender promptly. Also, if
you are not the intended recipient please inform the sender by
replying to this transmission, and delete the e-mail, its
attachment(s), and any copies of it without, disclosing it."