[OpenAFS] PTS membership (or existence) based on external data?

[Stephen Joyce]

Hello,

Has anyone written a script or utility to add/remove PTS entries (either 
membership in PTS groups or actual existence of the PTS user account would 
be acceptable) from an external database, based on date?

My AFS cell is in the middle of transitioning from authenticating against a 
departmental KRB5 realm to authenticating against a central University-wide 
KRB5 realm. I'd like to be able to continue to have the ability to expire 
students' access to resources automatically--when their affiliation with 
the Department expires: at the end of a semester, research project, etc.

So I thought I'd ask if anyone has an in-house tool, querying expiration 
dates from an external source such as a non-authoritative KDC, SQL, etc) 
and is willing to share, before I possibly reinvent the wheel.

And if there's a simpler solution I'm overlooking here, I'm interested in 
knowing that too!

Cheers, Stephen
--
Seen on Pavlov's door: "Knock. Don't ring bell."