[OpenAFS-devel] [PATCH] new features for pam_afs
David Thompson
thomas@cs.wisc.edu
Wed, 29 Aug 2001 14:35:06 -0500
Derrick J Brashear wrote:
>The use of the passwd entries containing the crypted password replaced by
>the string "USE_AFS" is described below. What is the point of this as
>opposed to trying AFS authentication for users with a traditional
>non-password in the field like "X"? If the intent is to not allow login at
>all for accounts with a field "X" why put them in the passwd file at all?

So that things like `ls -l` show the right thing for that user's files, even
if he isn't allowed to log in there.

I have problems with overloading the passwd field of /etc/passwd. The
non-portability issue here is very significant. There are many authentication
mechanisms that this could break. If you want to choose an authentication
mechanism on a per-user basis, the place to make the choice is in an auxiliary
database (maybe just a flat file), not in /etc/passwd (or /etc/shadow).
--
Dave Thompson <thomas@cs.wisc.edu>
Associate Researcher Department of Computer Science
University of Wisconsin-Madison http://www.cs.wisc.edu/~thomas
1210 West Dayton Street Phone: (608)-262-1017
Madison, WI 53706-1685 Fax: (608)-262-6626
--