[OpenAFS] running vos from "another" machine

Matthew Weigel unique@idempot.net
Wed, 24 Aug 2005 13:10:02 -0500 (CDT)


Ron Croonenberg wrote:

> (Actually what I want is "a" machine to run OpenAFS so that I can use
> vos on it, but I don't want anyone with an afs account to be able to log
> in to the box, except an OpenAFS admin maybe.)
>
> Can that be done? (And if so, what do I need?)

OpenAFS authentication is completely separate from login authorization;
unless you set up users to be able to log in, the fact that they can get
AFS tokens does nothing for letting them log in to the machine.

Depending on your site, it could be as simple as not including
Kerberos/AFS users in /etc/passwd, or not configuring PAM to authorize
users through your normal process.
-- 
 Matthew Weigel
 hacker
 unique@idempot.net
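
Added example, not part of the original message: a small audit of the two places the reply names, the passwd entries and the PAM stack, to confirm that only the intended admins have a login path on the vos host. The module names, the no-login shell list, and the sample file contents are assumptions constructed for illustration; included PAM files and other NSS sources are not followed.

```python
import re

# Assumption: PAM modules that commonly bring Kerberos/AFS users into a login stack.
AFS_PAM_MODULES = {"pam_krb5.so", "pam_afs.so", "pam_afs_session.so"}
# Assumption: shells that refuse interactive login.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", ""}

# PAM service line: type, control (plain word or [bracketed]), module path.
PAM_LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def login_capable_accounts(passwd_text):
    """Names in passwd(5)-format text that have a usable login shell."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) != 7:
            continue  # comment or malformed entry
        if fields[6] not in NOLOGIN_SHELLS:
            names.append(fields[0])
    return names

def afs_pam_entries(pam_text):
    """(type, module) pairs in one PAM service file that reference AFS/Kerberos."""
    hits = []
    for line in pam_text.splitlines():
        m = PAM_LINE.match(line.strip())
        if m and m.group(3).rsplit("/", 1)[-1] in AFS_PAM_MODULES:
            hits.append((m.group(1), m.group(3).rsplit("/", 1)[-1]))
    return hits

def audit(passwd_text, pam_text, admins):
    """Findings to review: local logins beyond the admins, and AFS PAM hooks."""
    extra = [n for n in login_capable_accounts(passwd_text) if n not in admins]
    return {"unexpected_accounts": extra, "afs_pam_entries": afs_pam_entries(pam_text)}

# Constructed sample input (not taken from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
afsadmin:x:1000:1000:AFS admin:/home/afsadmin:/bin/bash
jdoe:x:1001:1001:AFS user:/afs/example.org/user/jdoe:/bin/bash
"""
SAMPLE_PAM = """\
# constructed /etc/pam.d/sshd
auth       required     pam_unix.so
auth       sufficient   pam_krb5.so use_first_pass
session    optional     pam_afs_session.so
"""

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_PAM, admins={"root", "afsadmin"}))
```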