[OpenAFS] how to integrate auth with Linux system

Charles Clancy security@xauth.net
Sat, 9 Feb 2002 16:46:14 -0600 (CST)


> After thinking a while,
> I got a solution in my mind:
>
> <1>set nis passwd source file (before make) as invalid like "*NP*" or
> "!!", this makes the user unable to log in with the nis passwd

I really don't know what you mean by "nis passwd source file".  I assume
you mean you are going to set the password entries in the nis passwd
source file to the above suggestions.  That should be fine.

> <2>setup client PAM to use afs auth

Correct.

> <3>map the user home folder to afs mount point
> is that right?

You can do that.  Something I've done in the past is to have the
directory: /afs/cell.domain.net/home

and then make a symlink: ln -s /afs/cell.domain.net/home /home

Users' home directories can then be in the standard place.

> BTW: for cvs user,
> <1>use cvs passwd to auth user,

You'd probably want a local account (not NIS or AFS) for the CVS user.

> <2>make a script to sync the nis passwd source file to cvs passwd file
> is that right again?

Who do you want to log in to CVS?  Do you want to have a single account
for everyone to share, or do you want regular AFS users to log in?  If you
want AFS users to log in, you'll want to double check the status of PAM
support, or use Kerberos 5 support (if you are running Kerberos 5 in your
cell).

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy
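
An added example, not part of the original thread: a check for step <1> that lists any entry in a NIS passwd source file whose password field is not locked, so a leftover hash or an empty field cannot bypass AFS authentication. It assumes "*NP*" and "!!" (the two markers named above) are the only locked values; the function names, users and hash are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: "*NP*" and "!!" are the only values treated as locked;
# anything else in field 2 is reported.

# audit_nis_passwd FILE
# Prints one line per problem entry; returns 0 only if every entry is locked.
audit_nis_passwd() {
    awk -F: '
        /^[ \t]*#/ { next }                          # comment lines
        /^[ \t]*$/ { next }                          # blank lines
        NF != 7    { printf "MALFORMED line %d\n", NR; bad = 1; next }
        $2 == "*NP*" || $2 == "!!" { next }          # locked as intended
        $2 == ""   { printf "EMPTY %s\n", $1; bad = 1; next }  # no password at all
                   { printf "USABLE %s\n", $1; bad = 1 }       # hash still present
        END        { exit bad + 0 }
    ' "$1"
}

# Runs the audit on constructed sample input (hypothetical users, fake hash).
demo_audit() {
    sample=$(mktemp) || return 2
    cat > "$sample" <<'EOF'
# NIS passwd source, constructed for this example
alice:*NP*:1001:100:Alice:/home/alice:/bin/sh
bob:!!:1002:100:Bob:/home/bob:/bin/sh
carol:abCONSTRUCTED1:1003:100:Carol:/home/carol:/bin/sh
dave::1004:100:Dave:/home/dave:/bin/sh
EOF
    audit_nis_passwd "$sample" && rc=0 || rc=$?
    rm -f "$sample"
    return "$rc"
}

demo_audit || echo "audit found entries that can still log in with a NIS password"
```

Run it against the source file before rebuilding the maps; a non-zero exit status means at least one entry still needs its password field locked.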