[OpenAFS] account support in pam_afs.so?

Derek Atkins warlord@MIT.EDU
10 Jun 2003 11:08:04 -0400


Yes, you need to use one of the following for Account information:

        NIS
        LDAP
        Hesiod
        /etc/passwd

Authentication information can (should!) be done using krb5,
although you could use kaserver if you really want to use old
software that will probably disappear relatively soon.

-derek

Karl Bowden <kbowden@pacificspeed.com.au> writes:

> After getting my first cell up and running yesterday on RH9, I am left
> with a little problem with pam, and account auth. But first I was having
> great trouble with nautilus crashing, which went away with turning
> sgi_fam off, and also trouble with gconf locking files after logout of
> gdm but not saving most recent changes to the ~/.gconf/. This also seems
> to be fixed with the following entry in /etc/pam.d/system-auth
> session optional pam_afs.so no_unlog
> Are there any really bad side effects to this? The problem seems not to
> be fixed with a "remainlifetime 10" or even "remainlifetime 100", as
> gconf tries to keep access to these files untils reboot it seems. I will
> keep digging in gconf to find out more about this problem.
> 
> And lastly, is there a way to use afs for "account" in pam, without
> resorting to krb or ldap? I have tried the automatic passwd file
> creation with uss, and stored the file in
> /afs/cellname/common/etc/passwd, then used a line like:
> account sufficient pam_localuser.so file=/afs/cellname/common/etc/passwd
> >From the debug log I see that pam_localuser.so sees the entries in my
> passwd file but does not return the required status to pam, and no (afs)
> users can login until they have entries in /etc/passwd for account
> information.
> I do not want to resort to merging all afs users into each machines
> /etc/passwd file, as that has the potential to get messy real quick, and
> is not a very clean solution in regards to what pam was designed for.
> So is it possible to use pam_afs.so to retrive account information from
> kas or some other place to store the information?
> 
> Regards,
> Karl Bowden
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available