[OpenAFS] openafs without pam
Tino Schwarze
tino.schwarze@informatik.tu-chemnitz.de
Mon, 4 Aug 2003 11:26:25 +0200
On Mon, Aug 04, 2003 at 12:10:37PM +0300, Andrei Boros wrote:
> > How are you going to authenticate the Windows boxes? If you're going to
> > use Samba as a translator, you probably need PAM.
> Which then would mean recompiling Samba as well.
>
> Currently Samba is domain controller and does the authentication. But I
> can do without it (actually AFS is intended to be a complete replacement
> for the SMB protocol)
Samba currently does a job for you which AFS cannot: Supply User
Meta-Information (like home directory). You'd need to replace that part
by LDAP or an other mechanism; I guess you are using profiles, then you
still need Samba and you also need Samba to authenticate against AFS
(and even worse: you need plaintext passwords for this to work). There
are hacks which make Samba work without plaintext passwords in an AFS
environment, but I never tried one.
> > For administrative tasks,
> > you can authenticate manually (and there's no need for an AFS server to
> > be a client at all, it's usually useful though).
> >
> > I think, you only need PAM if some service on the server needs to
> > authenticate against AFS automatically.
>
> Ok, this is good news.
> However, how do I convince openafs to install without PAM, as configure
> halts when it doesn't find PAM?
Try --without-pam
HTH! Tino.
--
* LINUX - Where do you want to be tomorrow? *
http://www.tu-chemnitz.de/linux/tag/