[OpenAFS] PTS membership (or existence) based on external data?
Fri, 21 Jan 2011 11:36:44 -0500 (EST)
Has anyone written a script or utility to add/remove PTS entries (either
membership in PTS groups or actual existence of the PTS user account would
be acceptable) from an external database, based on date?
My AFS cell is in the middle of transitioning from authenticating against a
departmental KRB5 realm to authenticating against a central University-wide
KRB5 realm. I'd like to be able to continue to have the ability to expire
students' access to resources automatically--when their affiliation with
the Department expires: at the end of a semester, research project, etc.
So I thought I'd ask if anyone has an in-house tool, querying expiration
dates from an external source such as a non-authoritative KDC, SQL, etc)
and is willing to share, before I possibly reinvent the wheel.
And if there's a simpler solution I'm overlooking here, I'm interested in
knowing that too!
Seen on Pavlov's door: "Knock. Don't ring bell."