[OpenAFS] running vos from "another" machine

Dexter 'Kim' Kimball dhk@ccre.com
Wed, 24 Aug 2005 14:42:50 -0600


     -----Original Message-----
     From: Ron Croonenberg [mailto:ronc@depauw.edu]
     Sent: Wednesday, August 24, 2005 2:13 PM
     To: dhk@ccre.com
     Cc: openafs-info@openafs.org
     Subject: RE: [OpenAFS] running vos from "another" machine


     Hi Kim,

     >Hi Ron,

     >Guess you're up and running :)

     Yup, had some communication problems between the "old"
     server and the new box.

     >The AFS commands can be run from any AFS client.

     Right..  BUT I don't want to just install the AFS client
     because I don't want anyone to really have access to that machine.

Installing the AFS client doesn't grant anyone access to that machine.

     >AFAIK if a user doesn't have an entry in /etc/passwd they're not able
     >to log in.  PAM may be able to circumvent this, I'm not an expert, but
     >suspect if you try using an /etc/passwd with just the permitted login
     >users that it will work.

     >IOW -- set the machine up as an AFS client, and any of the AFS
     >commands can be run from that client.  Trim the /etc/passwd file
     >and see if you can still log in as one of the deleted users.

     Uhm, ok, someone else suggested to not do any "pam"
     stuff..  that way afs users can simply not use the machine.

That should work as long as there are no local (non-AFS) accounts with local
passwords.

I prefer leaving PAM properly configured.

Keep in mind that if PAM doesn't work for anyone else it won't work for you
either, so be sure to have a local account or a local password for your AFS
account.

You'll have to klog after you log in.

     I thought that maybe there was some "elegant" way to do
     what I wanted.

I'm sure we could come up with something more complicated :)

     >Kim

     thanks,

     Ron

     =================================
     Kim (Dexter) Kimball
     CCRE, Inc.
     kim<dot>kimball<at>jpl.nasa.gov
     dhk<at>ccre.com

          -----Original Message-----
          From: openafs-info-admin@openafs.org
          [mailto:openafs-info-admin@openafs.org] On Behalf Of Ron Croonenberg
          Sent: Wednesday, August 24, 2005 11:36 AM
          To: openafs-info@openafs.org
          Subject: [OpenAFS] running vos from "another" machine


          Hello all,

          I want a machine that is not "per se" an OpenAFS client or server
          to be able to run vos so I can dump volumes in a cell.

          (Actually what I want is "a" machine to run OpenAFS so that I can
          use vos on it, but I don't want anyone with an afs account to be
          able to log in to the box, except an OpenAFS admin maybe.)

          Can that be done? (and if so what do I need?)

          thanks,

          Ron

          _______________________________________________
          OpenAFS-info mailing list
          OpenAFS-info@openafs.org
          https://lists.openafs.org/mailman/listinfo/openafs-info
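
Added example, not part of the original thread: a check for the condition raised in the reply above, that no local accounts are left with local passwords on a box where AFS users should not be able to log in. The function names and the sample account data are constructed for illustration; on a real host the two inputs would be /etc/passwd and /etc/shadow (the latter readable only by root).

```shell
#!/bin/sh
# Added example: report accounts that can still log in with a LOCAL password,
# i.e. without AFS authentication. Names and sample data are constructed.

# $1 = passwd(5)-format file, $2 = shadow(5)-format file
local_password_logins() {
    awk -F: '
        FILENAME == ARGV[1] {             # first input: shadow entries
            if ($2 == "")          state[$1] = "EMPTY"   # no password required
            else if ($2 ~ /^[!*]/) state[$1] = "LOCKED"  # no usable local password
            else                   state[$1] = "HASH"    # usable local password
            next
        }
        $7 ~ /(nologin|false)$/ { next }  # second input: skip non-login shells
        state[$1] == "HASH" || state[$1] == "EMPTY" { print $1 ":" state[$1] }
    ' "$2" "$1"
}

# Runs the check over constructed sample files (not real account data).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
afsadmin:x:1000:1000:AFS admin:/home/afsadmin:/bin/bash
backup:x:1001:1001::/home/backup:/bin/sh
olduser:x:1002:1002::/home/olduser:/bin/bash
svc:x:1003:1003::/srv:/bin/false
EOF
    cat > "$d/shadow" <<'EOF'
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
afsadmin:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
backup::19000:0:99999:7:::
olduser:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
svc:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
EOF
    local_password_logins "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

demo
```

Every account the function prints is one that can log in without AFS authentication; the intended admin account should be the only entry, and an `EMPTY` entry means no password is required at all.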