According to [EMAIL PROTECTED]:
> We are interested in writing some simple scripts to allow users to perform
> admin functions like creating volumes and IDs. We are looking for a method
> or tool/freeware that will allow the user to obtain an admin token as long
> as is necessary without jeopardizing security of the admin token or
> hardcoding the admin ID and password in the script. Any ideas or pointers
> to tools is appreciated.
We are using a script (AX) on one dedicated machine that has an admin
id and monitors a mailbox where requests arrive by mail. Request mails
are generated by other programs, either started by regular users as
shell commands or CGI scripts. Each user-/cgi- script signs the
request. The AX script will then take the abstract request, verify the
signature etc. and execute the necessary AFS commands.
This approach allows us to have fine-grained control over what each
user or CGI can do. User rights are granted or revoked by adding or
removing their keys to AX's keyring. Requests are serialized by the
mail transport and not executed in parallel. AX can be shut down for
general AFS maintenance, unprocessed requests can be processed after
maintenance or dropped.
+gg
--
[EMAIL PROTECTED] Fax: +43/1/31336/702 [EMAIL PROTECTED]
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria
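
The broker pattern described in the reply above, as an added example that is not the AX script or any code from the poster: the client signs an abstract request, and the broker verifies it against a per-signer keyring, checks that the operation is granted to that signer, and maps it to a fixed argv. Assumptions: HMAC-SHA256 stands in for the signature scheme, which the message does not name, and the keyring contents, server and partition names, name pattern and replay check are constructed for illustration.

```python
import hashlib
import hmac
import json
import re

# Constructed keyring: signer -> (HMAC key, operations granted to that signer).
KEYRING = {
    "alice": (b"constructed-key-alice", {"create_volume"}),
    "webcgi": (b"constructed-key-webcgi", {"create_volume", "create_user"}),
}
NAME_RE = re.compile(r"[a-z][a-z0-9._-]{0,30}")  # no leading "-", no shell metacharacters
# Abstract operation -> fixed argv; server and partition are constructed values.
OPERATIONS = {
    "create_volume": lambda n: ["vos", "create", "fs1.example.org", "/vicepa", "user." + n],
    "create_user": lambda n: ["pts", "createuser", n],
}
_seen_ids = set()  # ids already processed, so a re-sent mail is dropped


def sign_request(signer, key, op, params, request_id):
    """Client side: serialize the abstract request and attach an HMAC tag."""
    body = json.dumps({"signer": signer, "op": op, "params": params, "id": request_id}, sort_keys=True)
    return {"body": body, "sig": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}


def process_request(msg):
    """Broker side: return the argv to run under the admin token, or raise ValueError."""
    try:
        req = json.loads(msg["body"])
        signer, op, params, rid = req["signer"], req["op"], req["params"], req["id"]
    except (KeyError, TypeError, ValueError):
        raise ValueError("malformed request") from None
    if not all(isinstance(x, str) for x in (msg["body"], signer, op, rid)):
        raise ValueError("malformed request")
    if signer not in KEYRING:
        raise ValueError("unknown signer")
    key, allowed = KEYRING[signer]
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(msg.get("sig", "")).encode()):
        raise ValueError("bad signature")
    if op not in allowed or op not in OPERATIONS:
        raise ValueError("operation not permitted for signer")
    name = params.get("name") if isinstance(params, dict) else None
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("invalid name")
    if rid in _seen_ids:
        raise ValueError("replayed request")
    _seen_ids.add(rid)
    return OPERATIONS[op](name)
```

Only the broker process needs the admin credentials; the returned list is meant to be executed without a shell, so nothing from the request is interpreted as shell syntax.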