We had a program we called afs-sudo. I don't know the origin. but I
don't think it was passwordless.
It appears there might be afs support in sudo already.
http://www.sfr-fresh.com/unix/misc/sudo-1.7.4p4.tar.gz:a/sudo-1.7.4p4/auth/afs.c
Quoting Andrew Deason <adea...@sinenomine.net>:
On Fri, 17 Dec 2010 16:35:38 +0100
Anders Magnusson <ra...@ltu.se> wrote:
> This doesn't require you to enter a password for a release, though,
> which I assumed John wanted (it might help to say which specific
> aspects of 'sudo' you're looking for). That is, you can still 'kinit
> foo/admin' and walk away and someone else can vos whatever.
Eh, how? You loses your pag when kinit exits, so no credentials
left...?
As long as you're using that script. Nothing prevents you from acquiring
admin credentials manually and then doing whatever you want.
I'm also assuming he wants to restrict the user to a certain subset of
operations, or to be able to release a certain subset of volumes (like
Russ' afs-backend scripts). You can't just give someone an admin
principal for that.
--
Andrew Deason
adea...@sinenomine.net
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
--
"The information in this email, and attachment(s) thereto, is strictly
confidential and may be legally privileged. It is intended solely for
the named recipient(s), and access to this e-mail, or any
attachment(s) thereto, by anyone else is unauthorized. Violations
hereof may result in legal actions. Any attachment(s) to this e-mail
have been checked for viruses, but please rely on your own
virus-checker and procedures. If you contact us by e-mail, we will
store your name and address to facilitate communications in the matter
concerned. If you do not consent to us storing your name and address
for above stated purpose, please notify the sender promptly. Also, if
you are not the intended recipient please inform the sender by
replying to this transmission, and delete the e-mail, its
attachment(s), and any copies of it without, disclosing it."
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
