Thank you Charles Clancy wrote:
>>After think a while, >>I got a solution in my mind: >> >><1>set nis passwd source file (before make) as invalid like "*NP*" or >>"!!", this make user can not login with nis passwd >> > >I really don't know what you mean by "nis passwd source file". I assume >you mean you are going to sent the password entries in the nis passwd >source file to the above suggestions. That should be fine. > I mean that nis maps is base on a passwd file (default is /etc/passwd), so <1>I change the makefile to point to another one (for example, /etc/nis/passwd) <2>and change the passwd field to "!!" or "*NP*" for each user BTW: *NP* is a formal string for password disable? or just the md5 can not get this string? >><2>setup client PAM to use afs auth >> > >Correct. > >><3>map the the user home folder to afs mount point >>it is right? >> > >You can do that. Something I've done in the past is to have the >directory: /afs/cell.domain.net/home > >and then make a symlink: ln -s /afs/cell.domain.net/home /home > >Users' home directories can then be in the standard place. > >>BTW: for cvs user, >><1>use cvs passwd to auth user, >> >You'd probably want a local account (not NIS or AFS) for the CVS user. > Yes, and current running cvs system is for part of system user. and more, it is requirement to check who change the cvs file and have a different permission for different project. (in general, the users do not want to have several passwords for many system) >><2>make a script to sync the nis passwd source file to cvs passwd file >>it is right again? >> > >Who do you want to log in to CVS? Do you want to have a single account >for everyone to share, or do you want regular AFS users to log in? If you >want AFS users to log in, you'll want to double check the status of PAM >support, or use Kerberos 5 support (if you are running kerberos 5 in your >cell). > it do not officially support PAM, and I found it maybe just read the /etc/passwd and /etc/shadow file and not support nis auth neither. it will be a big problem. I guess need to crack it to do that. > >-- >t. charles clancy <> [EMAIL PROTECTED] <> www.uiuc.edu/~tclancy > > > _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
