Development

dagwieers edited this page Jun 6, 2012 · 1 revision
Clone this wiki locally

Discussion regarding the development of op

Kerberos

Steve Simmons is planning on adding Kerberos support to op. This will mean that once you have been issued your Kerberos ticket op will just "work", without requiring constant re-authentication.

Variable expansion

Current variable expansion works like this:

HOSTS=host1|host2
ACL=user@(HOSTS)

halt /usr/sbin/shutdown -h now; users=ACL

Expansion from files/NIS/LDAP

It would be nice to be able to load an ACL from an external file, or perhaps even a NIS map or LDAP server.

If op encounters a / as the first character in a macro it could attempt to load it, although it might be better to have a less ambiguous method. eg.

ACL=/etc/op/shutdown_acl
halt /usr/sbin/shutdown -h now; users=ACL

Or loading it from a NIS map might look something like this:

ACL=nis://shutdown_acl
halt /usr/sbin/shutdown -h now; users=NIS_ACL

Conditional sections

Another possibility (there is already a small amount of code in op for this, though not enabled) is to have conditional sections.

eg.

%if HOST == host1
ACL=user1@host1|user2@host1
%elif HOST == host2
ACL=user2@host2|user3@host2
%elif

halt /usr/sbin/shutdown -h now; users=ACL