[OpenAFS] login information

Nathan Neulinger nneul@umr.edu
Fri, 15 Dec 2000 15:34:39 -0600

Correct, afs and kerberos only do authentication, they do not do
authorization (except in very limited cases.) The usual approach is to
define the password file in NIS/NIS+/LDAP/HESIOD/etc. but put a
null/invalid password in the password field, then to put pam'ified or
replacement /bin/login commands on the unix stations.

-- Nathan

Corey Kovacs wrote:
> First, thanx again to everyone who responded to my previous question
> regarding the volume creation error. The solution was of course that I
> had skipped a step (restarting the server process) all is well with the
> volumes now :)
> New Question:
> I want to use the AFS server to handle the authentication for the
> clients as
> well as supply their home directories etc. so that the users have only
> to issue
> one password response. I have read that one must either have local login
> information (home dir etc) predefined by some other means, either by
> using a bunk passwd file or NIS/NIS+ etc. In the documentation for
> AFS it seems to point out under creating users etc that you can set this
> information through AFS. Is this true or must I use one of the other
> mechanisms?
> --
> Corey Kovacs            "I know not with what weapons World War III
> Computer Science Dept.   will be fought, but World War IV will be
> DePauw University.       fought with sticks and stones."
> 765.658.6538                            - Albert Einstein
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo.cgi/openafs-info


Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216