Clone this wiki locally
Discussion regarding the development of op
Steve Simmons is planning on adding Kerberos support to op. This will mean that once you have been issued your Kerberos ticket op will just "work", without requiring constant re-authentication.
Current variable expansion works like this:
HOSTS=host1|host2 ACL=user@(HOSTS) halt /usr/sbin/shutdown -h now; users=ACL
Expansion from files/NIS/LDAP
It would be nice to be able to load an ACL from an external file, or perhaps even a NIS map or LDAP server.
If op encounters a / as the first character in a macro it could attempt to load it, although it might be better to have a less ambiguous method. eg.
ACL=/etc/op/shutdown_acl halt /usr/sbin/shutdown -h now; users=ACL
Or loading it from a NIS map might look something like this:
ACL=nis://shutdown_acl halt /usr/sbin/shutdown -h now; users=NIS_ACL
Another possibility (there is already a small amount of code in op for this, though not enabled) is to have conditional sections.
%if HOST == host1 ACL=user1@host1|user2@host1 %elif HOST == host2 ACL=user2@host2|user3@host2 %elif halt /usr/sbin/shutdown -h now; users=ACL