[36012] in Kerberos
Re: Proposition for new remctl ACL scheme / group support
daemon@ATHENA.MIT.EDU (Jeffrey Altman)
Sat Apr 5 19:45:11 2014
X-Envelope-From: jaltman@secure-endpoints.com
X-MDaemon-Deliver-To: kerberos@mit.edu
Message-ID: <53409577.4030107@secure-endpoints.com>
Date: Sat, 05 Apr 2014 19:44:55 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
MIME-Version: 1.0
To: Remi FERRAND <remi.ferrand@cc.in2p3.fr>, kerberos@mit.edu
In-Reply-To: <1222371136.1054984.1396710172780.JavaMail.zimbra@cc.in2p3.fr>
Content-Type: multipart/mixed; boundary="===============0633060339=="
Errors-To: kerberos-bounces@mit.edu
This is a cryptographically signed message in MIME format.
--===============0633060339==
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha1; boundary="------------ms090205090900010609070506"
This is a cryptographically signed message in MIME format.
--------------ms090205090900010609070506
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 4/5/2014 11:02 AM, Remi FERRAND wrote:
> As we were writing this peace of code we thought that at CC-IN2P3 we ar=
e using OpenAFS.
> AFS brings a PTS DB that could be used as a convenient way to distribut=
e groups.
>=20
> For instance with the PTS group above:
>=20
>>>> % pts mem remctl:testgrp -expand
>>>> Expanded Members of remctl:testgrp (id: -6556) are:
>>>> user1
>>>> user2
>=20
> we could be able to use the following ACL in remctl configuration file:=
>=20
>>>> pts_group:remctl:testgrp
>=20
> to allow user1 and user2 to execute a command.
>=20
>=20
> Before any further development, we'd like to know if someone could be i=
nterested in that feature ?
> Does someone think that we absolutely shouldn't do that ?
> If so we'll talk later of the implementation.
I think there would be a lot of interest for this in the OpenAFS
community.
Jeffrey Altman
--------------ms090205090900010609070506--
--===============0633060339==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0633060339==--
