>
>We maintain consistency between the AFS password and the (encrypted)
>password stored in /etc/passwd by replacing /bin/passwd with a perl
>script which uses sysctl to talk to a trusted machine (one of our AFS
>database servers). On the backend, another perl script is used to
>update the password in both places (AFS Kerberos DB and /etc/passwd).
>sysctl assures that the process is secure.
>
Am I missing something here? Why couldn't you use this as a passwd
entry:

    jpublic:AFS:1000:10:John Q. Public III:/u/jpublic:/bin/tcsh

If the system uses the Transarc login/rlogind, then authentication comes
exclusively from the AFS passwd, and users change their passwd
exclusively with kpasswd. Obviously a few programs (xlock and pcnfs
come to mind) need to be modified, but is there something inherently
wrong with this approach?
-Tom
------------------------------------------------------------------------
- Thomas J. Orban U S WEST Advanced Technologies -
- [EMAIL PROTECTED] 4001 Discovery Drive -
- (303) 541-6620 Boulder, CO 80303 -
------------------------------------------------------------------------