[OpenAFS] how to integrate auth with Linux system

Mike Lee mike.li@bamboonetworks.com
Sat, 09 Feb 2002 18:01:02 +0800


Thank

After think a while,
I got a solution in my mind:
<1>set nis passwd source file (before make) as invaild like "*NP*" or
"!!", this make user can not login with nis passwd
<2>setup client PAM to use afs auth
<3>map the the user home folder to afs mount point
it is right?

BTW: for cvs user,
<1>use cvs passwd to auth user,
<2>make a script to sync the nis passwd source file to cvs passwd file
it is right again?

happy lunar new year

Charles Clancy wrote:

>>>cat /var/nis/domain.net/data/passwd | awk \
>>>'BEGIN{FS=":"}{$2="*NP*"}{s=$1}{for (i=2;i<=NF;i++) s=s":"$i}{print s}' > \
>>>/tmp/passwd
>>>
>>in my case, the passwd file is directly in /etc, nis folder is /var/yp.
>>so I have to cp it to another place and change the makefile to point to
>>the new one? and later when adduser should work with that file.
>>
>
>Your local passwd file is /etc/passwd.  Your NIS passwd map should be
>stored in /var/yp/domain/....  These are two different files, with very
>different purposes.  You most certainly should change the Makefile.
>
>Does your adduser command support NIS?  I know useradd on Solaris does
>not.  I'm not sure about Linux.
>
>>the server which will host AFS, now is cvs server, and auth user against
>>system auth.
>>
>
>So... you don't have NIS running at the moment?
>
>>I donot know when the cvs auth a user, it base on /etc/passwd,
>>/etc/shadow or base on PAM login?
>>
>
>When I last heard, CVS was moving toward PAM.  I don't know if the current
>version support it yet, or not.  For security reasons, I don't think
>running CVS on your AFS server is a very good idea.  (Not that I can think
>of a specific reason -- just sounds like a bad idea.)
>
>--
>t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy
>
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info
>