[36018] in Kerberos

Re: Proposition for new remctl ACL scheme / group support

daemon@ATHENA.MIT.EDU (Remi Ferrand)
Tue Apr 8 11:24:15 2014

Message-ID: <53441485.6040506@cc.in2p3.fr>
Date: Tue, 08 Apr 2014 17:23:49 +0200
From: Remi Ferrand <remi.ferrand@cc.in2p3.fr>
To: Russ Allbery <eagle@eyrie.org>,
        Jeffrey Altman <jaltman@secure-endpoints.com>
In-Reply-To: <87siprxrdj.fsf@windlord.stanford.edu>
Cc: kerberos@mit.edu

Hi,

Yesterday, I just did a version that does what we want and I've
completed integration with autotools as well.

I've identified and tested two main ways to integrate PTS group
membership lookup in remctl:

* By using *pr_IsAMemberOf()*  (1)
* By manually comparing username to group members retrieved with
*pr_IDListExpandedMembers()* (2)

Both methods I used were detailed in [1] and identified as
remctl_acl_check_pts_with_pr_IsAMemberOf.c (1) and
remctl_acl_check_pts_without_pr_IsAMemberOf.c (2).
They're basically just hacks of OpenAFS source code.


Before going further I'd like to know if you have any comments or
remarks regarding the implementation choices I've made.

Thanks

Cheers

[1] https://gist.github.com/riton/f56329252e885275aa5e

--

Remi Ferrand             | Institut National de Physique Nucleaire
Tel. +33(0)4.78.93.08.80 |     et de Physique des Particules
Fax. +33(0)4.72.69.41.70 | Centre de Calcul - http://cc.in2p3.fr/


