[OpenAFS] Problems installing openafs on Solaris9
Nathan Neulinger
nneul@umr.edu
04 Sep 2003 07:58:08 -0500
It should be possible to write an 'sslklog' similar to the gssklog stuff
that Engert has written that would manufacture an appropriate
ticket/token, but that would all have to be written from scratch.
-- Nathan
On Thu, 2003-09-04 at 06:00, Petter Lindquist wrote:
> On Wed, 3 Sep 2003, Jerome Walter wrote:
>
> > Unfortunately, you cannot store the passwords in the LDAP database. Passwords
> > have to be stored in AFS database or Kerberos database. LDAP only stores
> > accounting information, such as unix uid, shell, gecos and so on ...
> > I think you do not want people to have two passwords, so you should use
> > pam_afs for authentication, and nss_ldap to get the accounting information.
>
> Hmm.. We store passwords in LDAP for all other systems we are using, and
> we can not use afs for logging into some web applications we have.
>
>
> > To create the users in the afs database, see bos createuser (for superusers)
> > and pts createuser/creategroup/adduser/membership.
>
> creating users in afs wouldn't be a problem, but it would be very nice to
> have all passwords in the same database.
>
>
> > Please do not be confused, groups and ids in the AFS database are only
> > considered in the AFS space, and the unix environment does not get this
> > information for local use. You have to have a unix id in your LDAP, and it is
> > a good idea to get the same AFS and unix Ids.
>
> That doesn't seem to be any problem at all.
--
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
UMR Information Technology Fax: (573) 341-4216