[OpenAFS] OpenAFS and Linux PAM

Charles Clancy security@xauth.net
Sat, 28 Sep 2002 17:14:32 -0500 (CDT)


> I would like to create user system accounts with a /bin/false shell
> (this has worked well with FTP and PAM in the past). All users will be
> Win2k / XP clients. The disadvantage has been that the user cannot
> change his or her password. When utilizing this configuration, no FTP
> user account is created as any authentication requests are forwarded to
> the system for a valid user and password.

So, let me try and understand what you're doing here.  You have a bunch of
Win2k/XP clients, and they access a Linux FTP server that will
prospectively be running AFS?  You don't want these users to have shell
access?

If this is the case, your current setup should be fine.  Just swap out
pam_unix with pam_afs, and your FTP server should operate as it does now.
You'll still need to keep everyone's account info in /etc/passwd to define
their home directories.  As in your earlier setup, users still won't be
able to change their passwords (though this could easily be remedied
through a simple web-application to change passwords).

What I don't understand from your original post was if you're going to run
the AFS client on your windows systems.  If you do, then you'd presumably
not need to use FTP anymore.  Then, users *would* be able to reset their
passwords, as the Windows AFS client has that ability.  Additionally, you
wouldn't need to maintain an /etc/passwd on your server.

Anyway, I'm not sure what PAM has to do with all of this.

[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
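An added illustration of the swap described in the reply above, written for this page and not taken from the thread or from the OpenAFS project: a PAM stack for the FTP service with the original pam_unix authentication line shown beside its pam_afs replacement. The file name /etc/pam.d/ftp, the module path /lib/security/pam_afs.so and the ignore_root/try_first_pass options are assumptions based on how OpenAFS documents its PAM module; adjust them to the local installation.

```text
# /etc/pam.d/ftp  (assumed file name; constructed example, not from the thread)

# Before: the FTP password is checked against the local /etc/shadow entry.
#auth     required   pam_unix.so

# After: the same password is checked against the AFS cell instead.
# The module path is an assumption (OpenAFS documents installing it under
# /lib/security).  ignore_root skips AFS for the root account; try_first_pass
# reuses a password already entered for an earlier module in the stack.
auth     sufficient /lib/security/pam_afs.so try_first_pass ignore_root

# Local fallback for accounts that are not in AFS (root, system accounts).
# Delete this line to make AFS the only accepted authentication source.
auth     required   pam_unix.so use_first_pass

# Account handling stays local: /etc/passwd still defines each user's home
# directory and /bin/false shell, which is why the reply says the passwd
# entries must be kept.
account  required   pam_unix.so

# No password stanza for pam_afs: as the reply notes, users in this setup do
# not change their AFS password through the FTP host, so nothing is listed.
```

With this stack the FTP daemon sees no difference from the pam_unix setup: a login succeeds when pam_afs accepts the password (or, for non-AFS accounts, when pam_unix does), and the home directory and shell still come from /etc/passwd. The one behavioural change worth checking after the swap is the ordering of the two auth lines: with `sufficient` first, an AFS success ends the stack, while an AFS failure falls through to the local password rather than rejecting the login outright.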