Excerpts from internet.info-afs: 2-Jun-94 AFS and sudo by John B. [EMAIL PROTECTED] > Has anyone in the AFS community patched the "sudo" code > to accept AFS passwords? We would like to use the flexability > of allowing certain user's su priveledge for limited functions. Here's an old message from the info-afs list Derrick ---------- Forwarded message begins here ---------- To: Pat Wilson <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: Should be FAQ - AFS'ified sudo? Date: Tue, 10 May 1994 23:27:34 +22306031 From: Shiva Ramabadran <[EMAIL PROTECTED]> In message <[EMAIL PROTECTED]> you write: } } I'm sure I've seen this somewhere, but can't find it at the moment - has } someone modified "sudo" so that it uses (AFS) Kerberos passwords rather } than looking in /etc/passwd? } I took sudo-1.1.1 (yech! icky code.) looooong ago (back in the days of AFS 3.1), and hacked at it some to add AFS functionality. I added: 1> Support for AFS authentication. [a call to ka_UserAuthenticate()] 2> Support for UNIX groups and PTS groups to be recipients of sudo privs. (eg. let the members of its:operators have sudo on reboot, etc.) 3> The ability to Host_Aliases consisting of Host_Aliases. (which that version did not have. Perhaps newer versions do allow that now.) 4> A very ugly -list option, to allow someone to list the possible list of privs they had. The code was more complicated that it need to be to start with, and I don't think what I did helped it any! :-) But it seems to work. You can pick up this version from: /afs/rpi.edu/campus/other/sudo/1.1.1/common/src/ Good luck, -Shiva -=- UNIX Systems Programmer, Rensselaer Polytechnic Institute, Troy NY 12180. Phone: (518) 276 8733. Fax: (518) 276 2809. Internet: [EMAIL PROTECTED]
