[OpenAFS] AFS Authentication with PAM
Brandon S. Allbery KF8NH
allbery@ece.cmu.edu
Thu, 05 Jul 2001 09:31:24 -0400
On Thursday, July 05, 2001 09:03:33 -0300, ulisses@radix.com wrote:
+----
| We are trying to use pam_afs in order to test some [possible] glitches
| before moving into a completely distributed authentication system such
| as Kerberos or LDAP. We are, however, having some problems regarding
| user management and pam_afs -- a user cannot log in unless an entry for
| him exists in the local pwdb (either shadow, plain passwd or something
| equivalent). This breaks the transparency of a fully distributed
| authentication system, as we have to create every single user in every
| single machine, and AFS seems to be used only when checking passwords.
| Is this a known PAM/Linux glitch? What is the workaround for this?
+--->8
Presumably you also need to change the name service switch to get
information that isn't maintained by Kerberos (such as the user's home
directory and shell) from a distributed database. You will need to run
something like LDAP or NIS for this. Take a look at /etc/nsswitch.conf.
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university ["better check the oblivious first" -ke6sls]
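
To illustrate the reply above (an added example, not part of the original message): a shell helper that reads an nsswitch.conf-style file and reports whether a database such as passwd is served only by local files, the case where pam_afs can check the password but the account must still exist on each machine. The function names and the sample file are constructed for illustration, and treating only `files` as a local source is a simplifying assumption.

```shell
#!/bin/sh
# Added example: inspect the name service switch for a given database.

# Constructed sample input (not taken from any real host).
constructed_nsswitch() {
cat <<'EOF'
# constructed sample
passwd:   files
group:files ldap   # trailing comment
shadow: files [NOTFOUND=return] nis
EOF
}

# nss_sources FILE DATABASE -> sources in lookup order, one per line.
# Comments and [STATUS=action] items are dropped before parsing.
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*]/ /g' -e 's/:/: /' "$1" |
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) print $i; exit }'
}

# nss_verdict FILE DATABASE -> prints one of:
#   unset        no line for this database in the file
#   local-only   only "files" is listed (assumption: the sole local source)
#   distributed  at least one other source (e.g. ldap, nis) is consulted
nss_verdict() {
    sources=$(nss_sources "$1" "$2")
    [ -n "$sources" ] || { echo unset; return 0; }
    for s in $sources; do
        case "$s" in
            files) ;;
            *) echo distributed; return 0 ;;
        esac
    done
    echo local-only
}

# account_visible USER -> exit 0 if NSS can resolve the account on this host,
# whichever source answers. PAM password checks do not supply this entry.
account_visible() {
    getent passwd "$1" >/dev/null 2>&1
}

# Usage: sh nsscheck.sh /etc/nsswitch.conf passwd
if [ "$#" -eq 2 ]; then
    nss_verdict "$1" "$2"
fi
```

A `local-only` verdict for passwd, together with `account_visible` failing for a user who exists only in AFS, matches the symptom described in the quoted question.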