K 10
svn:author
V 10
luisfmunoz
K 8
svn:date
V 27
2009-07-01T14:18:39.215872Z
K 7
svn:log
V 1084
Start a branch to play with a way of defining ACLS that is less intrussive.

Quoting myself:

I've been asked at CERN for changing the semantics for ACLs in
ncm-useraccess. Essentially, they are unhappy with the fact that a
value on a single user configuration, which may be hidden, make lock
everyone out of the system if they don't review it.

Instead, they'd like to have a "global" switch to decide the list of
services that obbey any ACLs. Then, users will be added to whatever
ACLs they need to. Unfortunately, changing to ncm-pam would take
months, whereas a small change in ncm-useraccess would be a matter of
a few hours.

So, I'm about to create a branch that does this:
/software/components/useraccess/users/<foo>/acls will add the user to
the ACL, but will *NOT* imply any changes in /etc/pam.d/*. For doing
that, a new optional field, f.i
/software/components/useraccess/acl_services will controll all
services requiring ACLs.

This is backwards compatible at compilation time, but it is a change
in the semantics, and I want to know who'd be affected before
proceeding.

END