[OpenAFS] Integrated Windows/AFS Login only for certain Groups

Paul T Hirose pthirose@supreme.engr.ucdavis.edu
Wed, 7 Nov 2001 16:45:33 -0800 (PST)


Is there a way to have the "Obtain AFS Tokens When Logging in to Windows"
checkbox option *not* be for everyone who logs in to a Windows computer, but
rather be only for users in (or not in) a specific group?

Using either OpenAFS, or Transarc's AFS Client on Windows 2000 Pro w/SP2,
managed by a W2K Server using Active Directory.  We have a batch of users
some who exist in an AFS Cell and some who do not.  For those that do,
we've made sure their Windows username/password is the same as their
AFS username/password.

Right now, we have that "Obtain AFS Token when logging in to Windows"
checkbox checked, and it works great for our folks who do exist in AFS.
They can happily read/write to AFS space, as well as normal Windows
filespace.  For those who don't existin AFS space, they get an error msg
and then continue on.  We've currently told them to simply ignore that msg :)

Ideally, we'd like to have the auto-obtain AFS Token feature only come in
to play for the first group of people.  Alternatively, if the error msg/dialog
can be made removed and just quietly fail, that would also satisfy our
second group of folks.  Or, is there any way to obtain an AFS via some
login-script - which would probly require that script to have access to
the plaintext username/password that was entered during the login dialog?

Thanks,
PH

-- 
Paul Hirose          : pthirose@ucdavis.edu : Sysadm Motto: rm -fr /my/life
1039 Academic Surge  : Programmer/Analyst   : Backup Motto  : rm -fr /
One Shields Avenue   : Fax   (530) 752-4465 :-------------------------------
Davis, CA 95616-8770 : Voice (530) 752-7181 : rec.pets.cat.anecdotes \(^_^)/