Fudo access

Usage Notes
Grants or revokes a specified access to a given host to one or more users.

NOTE: This is a half-finished idea, which I still intend to finish. It simply adds or removes a group membership to the user(s). The group names are of the form _ (i.e. thecitadel_ftp, athens_mail, sparta_shell). This, then, requires us to set up PAM on each host so that, for example, FTP access requires access to _ftp. That's easily doable, I just haven't done it yet because PAM is easy to break, and I was hoping for a more elegant way to modify PAM. This *is* set up on athens.

Incidentally, I planned to have a group named (i.e. 'athens'), which gave all meaningful access (FTP, shell, email, etc), and possibly a second, named _admin, which gives admin (i.e. sudo) access. You gotta admit, that's neat. The problem is, arguably, LDAP is easier to hack than a system, so someone could hack it, add himself as a user, and give himself admin access. Even if LDAP is hard to hack, it's another attack vector.

On the other hand, admin access would require Kerberos, too. So the attacker would need to break into both LDAP and Kerberos.

Usage
Usage: fudo_access { -G | --grant } { -H | --host= } { -a | --access= } ...  fudo_access { -R | --revoke } { -H | --host= } { -a | --access= }  ...

Grants or revokes access to a user

-G, --grant                     Grant access -R, --revoke                    Revoke access -H, --host [host]               Host on which to control access -a, --access [access]           Access to grant/revoke -h, --help                      Show this information