On Tue, 3 Sep 2013 10:20:24 -0400 (EDT) [email protected] wrote: > Thanks for the explanation. > > The use case I was thinking of is exactly what you mention: revoking > someone's rights by removing them from a group. Right or wrong, users' > expectations seem to be "I removed a user from a group, s/he is > immediately denied access to the affected directories."
I don't mean it's "wrong"; I just mean, if they're surprised by that, they're in for some surprises on other systems, too. (e.g. Unix groups; and I thought AD put your group info in the similarly-session-y PAC.) > What's the 1.6.6 command to recalculate user CPSes, just for my > edification? The command is called 'cacheout'. It's not new to 1.6.6, and has existed for a long time, but it's been one of those utilities that was only mostly-implemented. Using it for this purpose will not work in many cases when used against servers running 1.6.5 or earlier. It's kinda in the process of turning into a "real" command now, and should be useful for this as of 1.6.6, assuming certain patches intended for 1.6.6 do not get pulled out. It's probably not packaged with whatever you're using, but it's in src/venus/cacheout if you want to look at it. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
