[OpenAFS] AFS without local authentication

Jeremy Katz katzj@redhat.com
30 Nov 2001 15:35:12 -0500


On Fri, 2001-11-30 at 15:32, Ken Hornstein wrote:
> >> But the really USEFUL bits (the part that glues it into your operating
> >> system) don't seem to be available.  I never personally considered
> >> Hesiod useful because it's not feasible to my mind to modify EVERY
> >> application to make Hesiod calls instead of the traditional getpw*()
> >> calls (and what about programs that are native to the operating system).
> >
> >I believe there is nsswitch code for Hesiod in glibc, so one could
> >presumably rip it out of there into a separate library that possibly could
> >be compiled for other operating systems that use nsswitch.
> 
> Maybe I'm confused .... but I don't think this would help, would it?  I
> mean, you'd have to replace the whole C shared library for target
> platforms for this to work, and somehow I don't think that's
> reasonable.  Unless you're just talking about linking site-specific apps
> with a library that had your own special versions of the getpwn*()
> functions ... but I don't think that's good enough.

For systems running Linux, you just set up glibc to use the hesiod
nsswitch stuff and glibc appropriately uses hesiod on getpwn*().  For
Solaris and other systems with an nsswitch interface, you can do
similarly (do a search for nss_hesiod on Google, I don't have the link
on hand) although some sites just hack /bin/login to add things to
/etc/passwd.  *shudder*.  For other systems, how do they handle
NIS/LDAP?  You'll want to do something similar for Hesiod.

Jeremy