[OpenAFS] Need help getting OpenAFS integrated login working
on Linux RedHat 7.3
John Bleichert
syborg@stny.rr.com
Wed, 29 May 2002 18:36:05 -0400
Charles Clancy wrote:
>>3) Do I need to create a local user with the same id/password as my AFS id
>>on a Linux system?
>>
>>
>Sort of. You need a local user with no usable password -- that is,
>something like "*NP*" in /etc/shadow.
>
>>Or can I somehow login, obtain an AFS token, and startup
>>in my AFS home? (I do this on my AIX system and was hoping to do the same
>>on Linux.)
>>
>>
You'll also have a hell of a time (I would think) getting AFS and/or VPN
access to your cell at work. If I could access my AFS acount at work
from home I'd be really happy, but I think I'm more likely to see Frank
Zappa live than I am to get Corporate to let me VPN from home in Linux
and access my AIX box and our cell.
<snip>
>>(/etc/pam.d/httpd)
>>auth required /lib/security/pam_afs.so ignore_uid 100 dont_fork
>>
>>
>
>Again, unless you're using some sort of apache module for PAM
>autentication, you don't need this.
>
>
I missed the beginning of this thread (Im all outta sorts without Pine)
- if you just want httpd to read files out of AFS you just need to make
sure the ACL for the readable dirs includes "system:anyuser rl" - I have
my docroot in AFS and also read ~user from AFS. This was easier than
creating an ID for httpd ...
<snip>
>I know that on my redhat 7.2 machine, this file isn't used. You should
>modify /etc/pam.d/gdm if you're using the graphical login screen.
>
>For console logins to work, all you need to do is modify /etc/pam.d/login.
>For graphical logins, /etc/pam.d/gdm. For unlocking your screensaver
>(gnome only, I think -- you're screwed if you're using KDE) edit
>/etc/pam.d/xscreensaver.
>
>Depending on your setup, you may want to edit files such as
>/etc/pam.d/[sshd|telnet|ftp]
>
>Also, with Redhat's pam arrangement, you can just edit
>/etc/pam.d/system-auth, and include the AFS settings there, and everything
>else will magically work, because they call pam_stack.so which processes
>the settings in the service argument.
>
>
Thanks for the system-auth tip!
JB