[OpenAFS] running vos from "another" machine

Thimo Neubauer thimo@macht.org
Wed, 31 Aug 2005 21:54:38 +0200



On Wed, Aug 24, 2005 at 06:48:11PM -0500, Ron Croonenberg wrote:

> What I want is a local user on "that" machine (a backup server) to run
> vos and create dumpfiles on that machine. Only very few (uuhh just
> me....) are allowed on that machine.
> I know I need to install afs in some sort of fashion, that's ok BUT I do
> not want anyone to be able to log in to that backup server. (So yes I
> need afs installed, possibly the client even...but if the client needs
> to be on there ...I DON'T want any "regular" users (or any afs users) to
> be able to log into that machine.

Absolutely possible with PAM, e.g.:

auth    required      pam_krb5.so

account required        pam_unix.so

session optional        pam_openafs_session.so
session required        pam_unix.so

and just put yourself with any UID/GID of your choice into
/etc/passwd. Authorization via Kerberos accepts the passwords of all
of your users but they fail because of no Unix-account (if you didn't
insert funky stuff into your nsswitch.conf that is). And with the
configuration above you should also get an AFS token and a PAG. What's
more to want? ;-)

Cheers
   Thimo
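
Added example, not part of the original message: a small Python check for the two conditions the reply depends on, namely that the account stack is gated by a required pam_unix.so and that passwd lookups in nsswitch.conf are answered only from local files. The sample file contents are constructed, and the parser is an assumption-level sketch that does not follow @include lines or bracketed PAM controls.

```python
import re

LOCAL_NSS = {"files", "compat"}  # sources answered from the local /etc/passwd

def strip_comment(line):
    return line.split("#", 1)[0].strip()

def account_stack(pam_text):
    """(control, module) pairs of the 'account' lines, in file order."""
    rows = [strip_comment(l).split() for l in pam_text.splitlines()]
    return [(r[1], r[2]) for r in rows if len(r) >= 3 and r[0].lstrip("-") == "account"]

def passwd_sources(nsswitch_text):
    """NSS sources used for passwd lookups, with [STATUS=action] items dropped."""
    for line in map(strip_comment, nsswitch_text.splitlines()):
        if line.startswith("passwd:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("passwd:"):]).split()
    return []

def audit(pam_text, nsswitch_text):
    """Findings that would let a Kerberos principal without a local account log in."""
    findings = []
    stack = account_stack(pam_text)
    gate = [i for i, (ctl, mod) in enumerate(stack)
            if mod == "pam_unix.so" and ctl in ("required", "requisite")]
    if not gate:
        findings.append("account stack has no required pam_unix.so")
    elif any(ctl == "sufficient" for ctl, _ in stack[:gate[0]]):
        findings.append("a 'sufficient' account module runs before pam_unix.so")
    sources = passwd_sources(nsswitch_text)
    if not sources:
        findings.append("no passwd line in nsswitch.conf")
    for src in sources:
        if src not in LOCAL_NSS:
            findings.append(f"passwd lookups also use non-local source '{src}'")
    return findings

# Constructed sample inputs: the PAM stack from the message and two nsswitch.conf variants.
PAM_POST = """\
auth    required  pam_krb5.so
account required  pam_unix.so
session optional  pam_openafs_session.so
session required  pam_unix.so
"""
NSS_LOCAL = "passwd: files\ngroup: files\n"
NSS_LDAP = "passwd: files [NOTFOUND=continue] ldap  # directory users resolve here\n"

if __name__ == "__main__":
    print(audit(PAM_POST, NSS_LOCAL), audit(PAM_POST, NSS_LDAP))
```

An empty findings list means only accounts present in the local /etc/passwd pass the account phase; which of those have a usable shell still has to be reviewed separately.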
