[OpenAFS] AFS Authentication with PAM
Brandon S. Allbery KF8NH
Thu, 05 Jul 2001 09:31:24 -0400
On Thursday, July 05, 2001 09:03:33 -0300, firstname.lastname@example.org wrote:
| We are trying to use pam_afs in order to test some [possible] glitches
| before moving into a completely distributed authentication system such
| as Kerberos or LDAP. We are, however, having some problems regarding
| user management and pam_afs -- a user cannot log in unless an entry for
| him exists in the local pwdb (either shadow, plain passwd or something
| equivalent). This breaks the transparency of a fully distributed
| authentication system, as we have to create every single user on every
| single machine, and AFS seems to be used only when checking passwords.
| Is this a known PAM/Linux glitch? What is the workaround for this?
Presumably you also need to change the name service switch to get
information that isn't maintained by Kerberos (such as the user's home
directory and shell) from a distributed database. You will need to run
something like LDAP or NIS for this. Take a look at /etc/nsswitch.conf.
brandon s. allbery [os/2][linux][solaris][japh] email@example.com
system administrator [WAY too many hats] firstname.lastname@example.org
electrical and computer engineering KF8NH
carnegie mellon university ["better check the oblivious first" -ke6sls]
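
Added example, not part of the original message: a Python check of the point the reply makes about /etc/nsswitch.conf. It lists the account databases that only local sources serve and looks a user up through NSS; the function names and sample files are constructed for illustration.

```python
import pwd
import re

# Sources that only see accounts stored on the local machine.
LOCAL_ONLY = {"files", "db"}

def parse_nsswitch(text):
    """Return {database: [source, ...]} from nsswitch.conf text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line or ":" not in line:
            continue
        db, spec = line.split(":", 1)
        # Drop action items such as [NOTFOUND=return]; keep source names.
        spec = re.sub(r"\[[^\]]*\]", " ", spec)
        table[db.strip()] = spec.split()
    return table

def local_only_databases(text, wanted=("passwd", "group")):
    """Databases in `wanted` with no distributed source (ldap, nis, ...).
    A missing entry is reported too (assumption: the libc default is local)."""
    table = parse_nsswitch(text)
    return [db for db in wanted if not set(table.get(db, [])) - LOCAL_ONLY]

def account_visible(user):
    """True if NSS can resolve the account (uid, home directory, shell).
    pam_afs checking the password does not make this succeed."""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False

# Constructed samples: before and after adding a distributed source.
SAMPLE_BEFORE = "passwd: files\ngroup:  files\nshadow: files\nhosts: files dns\n"
SAMPLE_AFTER = ("passwd: files ldap\n"
                "group:  files [NOTFOUND=continue] ldap  # comment\n"
                "shadow: files\n")

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        missing = local_only_databases(fh.read())
    print("local-only databases:", missing or "none")
```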