[OpenAFS] how to integrate auth with Linux system

Charles Clancy security@xauth.net
Thu, 7 Feb 2002 23:34:06 -0600 (CST)


> >cat /var/nis/domain.net/data/passwd | awk \
> >'BEGIN{FS=":"}{$2="*NP*"}{s=$1}{for (i=2;i<=NF;i++) s=s":"$i}{print s}' > \
> >/tmp/passwd
> >
>
> in my case, the passwd file is directly in /etc, nis folder is /var/yp.
> so I have to cp it to another place and change the makefile to point to
> the new one? and later when adduser should work with that file.

Your local passwd file is /etc/passwd.  Your NIS passwd map should be
stored in /var/yp/domain/....  These are two different files, with very
different purposes.  You most certainly should change the Makefile.

Does your adduser command support NIS?  I know useradd on Solaris does
not.  I'm not sure about Linux.

> the server which will host AFS, now is cvs server, and auth user against
> system auth.

So... you don't have NIS running at the moment?

> I donot know when the cvs auth a user, it base on /etc/passwd,
> /etc/shadow or base on PAM login?

When I last heard, CVS was moving toward PAM.  I don't know if the current
version support it yet, or not.  For security reasons, I don't think
running CVS on your AFS server is a very good idea.  (Not that I can think
of a specific reason -- just sounds like a bad idea.)

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy