[OpenAFS] Problems installing openafs on Solaris9
Jerome Walter
openafs-info@openafs.org
Wed, 3 Sep 2003 15:01:00 +0200
On Wed, Sep 03, 2003 at 02:39:35PM +0200, Petter Lindquist wrote:
> On Tue, 2 Sep 2003, Jerome Walter wrote:
> > - If you want a less secure, but easier to setup authentication, OpenAFS
> > furnish is own authentication server, based on KerberosIV. Juste follow the
> > documentation on http://www.openafs.org/ and it should go just fine.
>
> That's what I'm doing now, and it seems fine...
>
> Now it would be nice if my users (including myself) could access the
> server too. So far just admin is able to login. Here it would be nice if
> afs could check username/password against our ldap. possible?
Unfortunately, you cannot store the passwords in the LDAP database. Passwords
have to be stored in AFS database or Kerberos database. LDAP does only store
accounting information, such as unix uid, shell, gecos and so on ...
I think you do not want people to have two passwords, so you should use
pam_afs for authentication, and nss_ldap to get the accounting information.
To create the users in the afs database, see bos createuser (for superusers)
and pts creatuser/creategroup/adduser/membership.
Please do not be confuse, groups and ids in the AFs database are only
considered in the AFS space, and the unix environment do not get this
information for local use. You have to have an unix id in your LDAP, and it is
a good idea to get the same AFS and unix Ids.
> > And as would say the japanese: Gambatte !!! (Courage) ...
>
> Hmm.. this thing (among others) is making me a smoker...
Not good ;) You will see, AFS is complicated only the first time you look at
it. Once you will get all running, you will see it is not horrible to
administrate.
> Should I post this to the list also?
Yes, i do ;)
--
-+-- Jérôme Walter - I2 EFREI ----+-
Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus Tutors
"The World is my country" - "Nihon no tomodachi desu"
EFREI System and Networking guide http://perso.efrei.fr/~walter/