On Fri, 17 Dec 2010 16:35:38 +0100
Anders Magnusson <ra...@ltu.se> wrote:

> > This doesn't require you to enter a password for a release, though,
> > which I assumed John wanted (it might help to say which specific
> > aspects of 'sudo' you're looking for). That is, you can still 'kinit
> > foo/admin' and walk away and someone else can vos whatever.
>
> Eh, how?  You loses your pag when kinit exits, so no credentials
> left...?

As long as you're using that script. Nothing prevents you from acquiring
admin credentials manually and then doing whatever you want.

I'm also assuming he wants to restrict the user to a certain subset of
operations, or to be able to release a certain subset of volumes (like
Russ' afs-backend scripts). You can't just give someone an admin
principal for that.

-- 
Andrew Deason
adea...@sinenomine.net

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to