[OpenAFS-devel] [PATCH] new features for pam_afs
Derrick J Brashear
shadow@dementia.org
Wed, 29 Aug 2001 14:54:17 -0400 (EDT)
On Wed, 29 Aug 2001, Rudolph T Maceyko wrote:
> --On Wednesday, August 29, 2001 14:10:14 -0400 Derrick J Brashear
> <shadow@dementia.org> wrote:
>
> > The use of the passwd entries containing the crypted password
> > replaced by the string "USE_AFS" is described below. What is the
> > point of this as opposed to trying AFS authentication for users with
> > a traditional non-password in the field like "X"? If the intent is to
> > not allow login at all for accounts with a field "X" why put them in
> > the passwd file at all?
>
> Either this or the uid method would be good enough for what I have in
> mind: identifying a set of users who are authenticated only locally,
> while the rest of them are authenticated via AFS.
In what cases will you have local (non "X") passwords for users who you
expect to authenticate via AFS?
> > The admission that it's non-portable is one good reason why this
> > option should not be included. Is there anything which would push
> > this the other way?
>
> I, for one, like the idea represented by this patch and the uid-based
> one.
The ability to choose when you use AFS authentication is reasonable. The
non-portable "embed a string" approach is undesirable.
-D