[OpenAFS] running vos from "another" machine
Thimo Neubauer
thimo@macht.org
Wed, 31 Aug 2005 21:54:38 +0200
--G6nVm6DDWH/FONJq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Aug 24, 2005 at 06:48:11PM -0500, Ron Croonenberg wrote:
> What I want is a local user on "that" machine (a backup server) to run
> vos and create dumpfiles on that machine. Only very few (uuhh just
> me....) are allowed on that machine.=20
> I know I need to install afs in some sort of fashio, that's ok BUT I do
> not want anyone to be able to log in to that backup server. (So yes I
> need afs installed, possibly the client even...but if the client needs
> to be on there ...I DON'T want any "regular" users (or any afs users) to
> be able to log into that machine.
Absolutely possible with PAM, e.g.:
auth required pam_krb5.so
account required pam_unix.so
session optional pam_openafs_session.so
session required pam_unix.so
and just put yourself with any UID/GID of your choice into
/etc/passwd. Authorization via Kerberos accepts the passwords of all
of your users but they fail because of no Unix-account (if you didn't
insert funky stuff into your nsswitch.conf that is). And with the
configuration above you should also get an AFS token and a PAG. What's
more to want? ;-)
Cheers
Thimo
--G6nVm6DDWH/FONJq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDFgr+Has8RNomMhgRAmoLAJ4j2BGuhn4/7cC/dF9OHpPcIZOgEwCfRoak
SnMkC76IOWzid6NOIFc68os=
=e5ze
-----END PGP SIGNATURE-----
--G6nVm6DDWH/FONJq--