• Leigh B. Stoller's avatar
    Checkpoint (still neads testing and tweaking) vastly rewritten mkacct · b9ef7da1
    Leigh B. Stoller authored
    script, which is now called tbacct, and lives in the account directory
    instead of tbsetup (all account scripts are moving into this
    directory). The command line is different:
    	Usage: tbacct <add|del|mod|freeze|thaw|sfskey> <name>
    However, it is not really intended to be called from the command line,
    but if it is, it always does the right thing based on the DB. All of
    the ssh commands are localized here as well (mkproj and others will
    invoke this script instead of doing pw commands themselves on ops).
    My experience with this indicates a couple of things.
    * We should probably not invoke these backend scripts (which are
      setuid) as the user driving them from the web. This complicates
      things, especially in light of having to deal with users with no
      accounts (say, a new user, unapproved, who wants to change their
      password). Not sure what the right model is, but since the script
      always does the right thing, it really makes no difference who
      invokes it.
    * The actual pw commands should be driven from a script on the other
      side. This would make it easy to retarget to linux or whatever. I
      thought about doing that, but the shell quoting is a pain in the
      butt, and its not like I'm supposed to be doing this stuff.
webtbacct.in 390 Bytes