[OpenAFS] openafs without pam

Tino Schwarze tino.schwarze@informatik.tu-chemnitz.de
Mon, 4 Aug 2003 11:26:25 +0200


On Mon, Aug 04, 2003 at 12:10:37PM +0300, Andrei Boros wrote:

> > How are you going to authenticate the Windows boxes? If you're going to
> > use Samba as a translator, you probably need PAM.
> Which then would mean recompiling Samba as well.
> 
> Currently Samba is domain controller and does the authentication. But I
> can do without it (actually AFS is intended to be a complete replacement
> for the SMB protocol)

Samba currently does a job for you which AFS cannot: Supply User
Meta-Information (like home directory). You'd need to replace that part
by LDAP or an other mechanism; I guess you are using profiles, then you
still need Samba and you also need Samba to authenticate against AFS
(and even worse: you need plaintext passwords for this to work). There
are hacks which make Samba work without plaintext passwords in an AFS
environment, but I never tried one.

> > For administrative tasks,
> > you can authenticate manually (and there's no need for an AFS server to
> > be a client at all, it's usually useful though).
> > 
> > I think, you only need PAM if some service on the server needs to
> > authenticate against AFS automatically.
> 
> Ok, this is good news. 
> However, how do I convince openafs to install without PAM, as configure
> halts when it doesn't find PAM?

Try --without-pam

HTH! Tino.

-- 
             * LINUX - Where do you want to be tomorrow? *
                  http://www.tu-chemnitz.de/linux/tag/