Re: Login troubles with afs 3.4 and aix 4.1 - report# 19786/19930

Paul Blackburn Mon, 5 Feb 1996 13:38:12 +0100
Hello Renata,

I understand from your posting to [EMAIL PROTECTED] [1] that
you are having problems getting AFS authenticated login and 
local "AIX only" login to work together for AFS 34a and AIX 414.

Here is how we do it on our systems:

a) In /etc/security/user the default stanza reads:

    default:
            registry = DCE
            admin = false
            login = true
            su = true
            daemon = true
            rlogin = true
            sugroups = ALL
            admgroups =
            ttys = ALL
            auth1 = SYSTEM
            auth2 = NONE
            tpath = nosak
            umask = 022
            expires = 0
            logintimes = 
            SYSTEM = "AFS OR AFS [UNAVAIL] AND compat [SUCCESS]"
            pwdwarntime = 0
            account_locked = false
            loginretries = 0
            histexpire = 0
            histsize = 0
            minage = 0
            maxage = 0
            maxexpired = -1
            minalpha = 0
            minother = 0
            minlen = 0
            mindiff = 0
            maxrepeats = 8
            dictionlist =
            pwdchecks =

    NB the two important lines are:
            registry = DCE
    and
            SYSTEM = "AFS OR AFS [UNAVAIL] AND compat [SUCCESS]"

b) Also in /etc/security/user, we have a local user "root":

    root:
            registry = files
            admin = true
            SYSTEM = "compat"
            loginretries = 0
            account_locked = false

    NB the two important lines are:
            registry = files
    and
            SYSTEM = "compat"

c) In /etc/security/login.cfg, we add the following two stanzas:

    DCE:
            program = /usr/vice/etc/afs_dynamic_auth

    AFS:
            program = /usr/vice/etc/afs_dynamic_auth
            retry = 3
            timeout = 30
            retry_delay = 10


d) Add user lines to your /etc/passwd file like:

    ren:X:9997:1:Ren Hoek:/afs/nikelodeon/u/ren:/bin/ksh
    stimpy:X:9998:1:Stimpson J Cat:/afs/nikelodeon/u/stimpy:/bin/ksh

f) Ensure there is an entry in /etc/group for each user [3] in /etc/passwd:

    staff:!:1:ren,stimpy

Note that "registry = files" for root in /etc/security/user means the password
is stored locally on this system (no NIS or YP involved).

Also, for the CDE "dtlogin" to handle AFS authentication, we use an
internally (IBM) supplied version of dtlogin.

You might also find "mk-afs-login" [2] (part of "afs_install") useful.

Hope this helps!
--
regards
paul                             http://acm.org/~mpb/homepage.html

References:

[1] Re: Login troubles with afs 3.4 and aix 4.1 - report# 19786/19930
    http://www-archive.stanford.edu/lists/info-afs/hyper95/0902.html

[2] mk-afs-login afs_install
    ftp://ftp.transarc.com/pub/afs_contrib/tools/afs_install/

[3] Ren & Stimpy page (included here for light relief ;-)
    http://www.cris.com/~lkarper/rands.html
Re: Login troubles with afs 3.4 and aix 4.1 - report# 19786/19930

Reply via email to
