[OpenAFS] libnss-ptdb

FB fbo2@gmx.net
Sun, 1 Apr 2007 21:03:05 +0200


On Sun, Apr 01, 2007 at 09:56:24AM -0700, Adam Megacz wrote:


> I see.  I think nscd would achieve the same effect...

Not really. It would still mean, having to wait for missing DB-servers to be
marked offline - for each process.

> Also, while I'm hacking on this, two more questions:
>  1. Does it make sense to map AFS group ids (with the sign reversed)
>     onto GIDs?

Most likely no.

>  2. Previous suggestions about shells involved putting users into
>     groups named after shells, such as
>       pts add adam shell:bash
>     But it seems that this wouldn't allow users to manage their own
>     shells since shell:bash would belong to some administrative user.
>     What about an alternative, where users would create a group
>     "username:shell.bash"?
>       pts cg adam:shell.bash

Hmm... Where does the 'groupname'->'shell-binary' map come from?

When I started using AFS I despaired of Kerberos. My boss suggested, simply
to put a passwd-file into the AFS-filespace :-) . Not a really good idea for
authentication but maybe for a user-shell-map. Changing the shell could be
accomplished by some web-interface and a script, updating this file once an

> Davor Ocelic also had a neat suggestion about giving human-readable
> names to PAG groups.

Do you have some pointer for that?