On Wed, 18 Sep 1996 09:22:12 -0400 (EDT) "Brian W. Spolarich" wrote:
>
> I found arc, the perl-based utility from CERN, but the docs are
> nonexistent, and I'm having problems getting the thing to compile (I can't
> resolve some of the library references and I don't know the Kerberos or
> AFS libraries very well).
>
> ADM uses scheme to define the protections, right?
>
> Essentially what I'm looking to do is define rules that say that, for
> example, user "fred" can vos release all volumes that begin with
> "content.fred" as their names, etc. Is this something doable with ADM?
Yes. I've defined a rule that says that all members of groups named
"release:<volumename>" can release <volumename>. I also allow the group
"release" (or its members, really) to release *any* volume. I can
forward the scheme code to this if you like.
There are some drawbacks to this approach. Namely it requires giving one
access to release any volume in the cell, or creating a separate group for
each volume. Since you can't have nested groups, this is administratively
inconvenient. This is one of the main reasons why I wish to rewrite this
system. To support more flexibility configurable database is really needed.
-- Garrett.
>
> -b.
>
> On Tue, 17 Sep 1996, Derrick J. Brashear wrote:
>
> >
> > > You probably actually want ADM not EMT. So far as I recall,
> > > EMT uses ADM to do vos releases. ADM is essentially a secure
> > > scheme interpreter that you program with your policy, in scheme,
> > > ADM provides as scheme primitives, the various AFS RPC's, so your
> > > policy code can then invoke the appropriate function as needed.
> > > The last I recall, it didn't quite look like the ADM people had
> > > caught up with the latest AFS 3.x release. That was a long
> > > time ago however (pre AFS 3.3a), so hopefully it's no longer true.
> >
> > I ported most of it to AFS 3.4a, and someone else completed the port. It
> > *should* just work, though I'm not sure the newest source made it onto the
FTP
> > site. I'll check later.
> >
> > -D
> >
> >
>
> --
> Brian W. Spolarich - ANS - [EMAIL PROTECTED] - (313)677-7311
> And if I die before I learn to speak,
> Will money pay for all the days I lived awake but half asleep?
>
