> "Jack Goldstein" <[EMAIL PROTECTED]> writes:
> > Ref: Your note of Mon, 30 Nov 92 8:24:22 EST
> >
> > For the first problem, (installs in non-standard directories), I just use
> > make to build the programs and then install them using my own shell
> > script. For the second (allowing users to do vos releases), I set up
> > a services account on our AFS server that allows users to rsh to it
> > without a password. The account shell is a special program that
> > will perform one of a small set of privileged services. In the case of
> How does this program gain the privileges to perform these actions?
> Something like the reauth daemon? Or something less or more involved?
I wrote two utilities aksrvtgt and aksrvutil some time ago which we use
to hack enough holes into AFS/Kerberos security to be able to breathe
again. They're meant to mimic their Kerberos counterparts. Basically
equivalent to having 'klog -password' in clear text in a shell script,
just that the password is encoded and therefore slightly harder to type.
I'm not particularly proud of them, that's why I started looking into ADM
recently which looks promising.
--
Rainer Toebbicke - [EMAIL PROTECTED] - [EMAIL PROTECTED]
European Laboratory for Particle Physics - CERN
Geneva, Switzerland
