Hi,
when we first tried to follow Transarc's instructions on how to
implement integrated AFS-login on an AFS3.4a-Beta-Client, we had the
same problems as described in your e-mail.
After several attempts to find out the correct
specifications in /etc/security/login.cfg and /etc/security/user,
we finally got it (thus discovering Transarc's instructions to be misleading).
This is what we did:
/etc/security/login.cfg:
DCE:
program = /usr/lib/security/DCE
AFS:
program = /usr/vice/etc/afs_dynamic_auth
retry = 3
timeout = 30
retry_delay = 10
The DCE-Entry must be included, even when the DCE-Client-Software is not
installed! If it is left out, this will lead to some weird by-effects,
like mkuser/mkgroup and chown <user>.<group> <file> commands crashing!
/etc/security/user:
SYSTEM = "AFS OR (AFS[UNAVAIL] AND compat[SUCCESS])"
registry = AFS
These entries are essential to make AFS-authentication working.
They can be included
- either in the default stanza.
Users, who are to be authenticated only locally,
then should have the entries
SYSTEM = compat
registry = files
in their appropriate stanzas.
- or in the AFS-authenticated user stanzas, with the
default entries being
SYSTEM = compat
registry = files
I hope this works with your installation also.
Best wishes
Hermann Frasch
remotesig
