[OpenAFS] how to integrate auth with Linux system

Charles Clancy security@xauth.net
Wed, 6 Feb 2002 23:22:08 -0600 (CST)


>>>>> Now I am using NIS auth, and how to just use one command to change
>>>>> two passwords(NIS and AFS)?
>>>>
>>>> You don't want to have NIS passwords.  Set your NIS passwords to
>>>> "*NP*",
>
> Thank You,
> and how to? (I am a beginner )

First, kill all your NIS passwords:

cat /var/nis/domain.net/data/passwd | awk \
'BEGIN{FS=":"}{$2="*NP*"}{s=$1}{for (i=2;i<=NF;i++) s=s":"$i}{print s}' > \
/tmp/passwd

mv /tmp/passwd /var/nis/domain.net/data/passwd
cd /var/nis
make

(might need some slight adjustment to the filename, depending on setup)

Then, configure /etc/pam.d/service something like:
auth	   sufficient   /lib/security/pam_afs.so ignore_root
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
session    optional     /lib/security/pam_afs.so

I assume you already have NIS configured in /etc/nsswitch.conf.

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy