[OpenAFS] Authentication Mechamisms

Donavan Pantke avatar@dcr.net
Sat, 5 Jan 2002 20:27:23 -0500


This is a multi-part message in MIME format.

------=_NextPart_000_0996_01C19627.61BAFD60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I'm looking at putting in a shared Filesystem setup at my
company, but I really started looking at the authentication system in =
NFS
and said ick! :) Anyway, I was looking over the authentication mechanism =
in
AFS, and I really didn't want to maintain yet ANOTHER username/password
listing. That's the biggest reason I'm implementing a Novell eDirectory =
tree
to handle that. My question is that I have PAM modules and such that
authenticate users against the eDirectory, is there any way I can get =
AFS to
use eDirectory or any similar directory (LDAP, etc) to get it's
authentication token? This way, I can simply use the username in =
eDirectory,
and don't have to worry about using the AFS auth database. Or, maybe =
just as
well, is there an AFS auth server that simply looks things up in an
LDAP-type directory for it's info?


------=_NextPart_000_0996_01C19627.61BAFD60
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#d8d0c8>
<DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
size=3D3>I'm looking at=20
putting in a shared Filesystem setup at my<BR>company, but I really =
started=20
looking at the authentication system in NFS<BR>and said ick! :) Anyway, =
I was=20
looking over the authentication mechanism in<BR>AFS, and I really didn't =
want to=20
maintain yet ANOTHER username/password<BR>listing. That's the biggest =
reason I'm=20
implementing a Novell eDirectory tree<BR>to handle that. My question is =
that I=20
have PAM modules and such that<BR>authenticate users against the =
eDirectory, is=20
there any way I can get AFS to<BR>use eDirectory or any similar =
directory (LDAP,=20
etc) to get it's<BR>authentication token? This way, I can simply use the =

username in eDirectory,<BR>and don't have to worry about using the AFS =
auth=20
database. Or, maybe just as<BR>well, is there an AFS auth server that =
simply=20
looks things up in an<BR>LDAP-type directory for it's=20
info?</FONT><BR></FONT></DIV></BODY></HTML>

------=_NextPart_000_0996_01C19627.61BAFD60--