[OpenAFS] running vos from "another" machine
Ron Croonenberg
ronc@depauw.edu
Wed, 24 Aug 2005 18:48:11 -0500
exactly!!
What I want is a local user on "that" machine (a backup server) to run
vos and create dumpfiles on that machine. Only very few (uuhh just
me....) are allowed on that machine.
I know I need to install afs in some sort of fashio, that's ok BUT I do
not want anyone to be able to log in to that backup server. (So yes I
need afs installed, possibly the client even...but if the client needs
to be on there ...I DON'T want any "regular" users (or any afs users) to
be able to log into that machine.
So yes that is exactly what I want...only local users.
Your solution for being able to log in and connect to the afs cell ONLY
when one also has a local account sounds like something I could use.
(*S* I might like to know how you got that to work)
thanks,
Ron
Ron,
I may be missing something, but if you install the afs client, but don't
put an afs hook in the pam configuration for the sshd, only users with
local accounts will be able to login, and that won't open that machine
to
afs users. Pam can use a variety of sources for authentication, and you
should use it, it's a Good Thing.
You can also set up pam for so that it requires a local login, and also
logs into the afs cell, but doesn't allow users who just authenticate
via
afs to connect. This is how my workstation is set up--that way only
local
accounts can log in, but anyone who does gets a token to afs when they
do
and doesn't have to klog.
Also, you can use the sshd configuration to specifically limit who can
login with ssh in any case, or force ssh logins to require a key
(instead
of using a password). So you could allow yourself, but disallow all
others
as an additional precaution.
Hope that helps,
bil
--
________________________
bil hays
Network Manager
Computer Science, UNC CH
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info