-----Original Message-----
     From: Ron Croonenberg [mailto:[EMAIL PROTECTED] 
     Sent: Wednesday, August 24, 2005 2:13 PM
     To: [EMAIL PROTECTED]
     Cc: [email protected]
     Subject: RE: [OpenAFS] running vos from "another" machine
     
     
     Hi Kim,
     
     >Hi Ron,
     
     >Guess you're up and running :)
     
     Yup,  had some communication problems between the "old" 
     server and the new box.
     
     >The AFS commands can be run from any AFS client.
     
     Right..  BUT I don't want to just install the AFS client 
     because I don't want anyone to really have access to that machine.
     
Installing the AFS client doesn't grant anyone access to that machine.

     >AFAIK if a user doesn't have an entry in /etc/passwd 
     they're not able >to log in.  PAM may be able to 
     circumvent this, I'm not an expert, but
     > suspect if you try using an /etc/passwd with just the 
     permitted login
     > users that it will work.
     
     >IOW -- set the machine up as an AFS client, and any of the AFS 
     >commands can be run from that client.  Trim the /etc/passwd file
     > and see if you can still log in as one of the deleted users.
     
     Uhm, ok,  someone else suggested to not do any "pam" 
     stuff..  that way afs users can simply not use the machine.
     
That should work as long as there are no local (non-AFS) accounts with local
passwords.

I prefer leaving PAM properly configured.

Keep in mind that if PAM doesn't work for anyone else it won't work for you
either, so be sure to have a local account or a local password for your AFS
account.

You'll have to klog after you log in.

     I thought that maybe there was some "elegant" way to do 
     what I wanted.
     
I'm sure we could come up with something more complicated :)

     >Kim
     
     thanks,
     
     Ron
     
     =================================
     Kim (Dexter) Kimball
     CCRE, Inc.
     kim<dot>kimball<at>jpl.nasa.gov
     dhk<at>ccre.com
     
     
     
          -----Original Message-----
          From: [EMAIL PROTECTED] 
          [mailto:[EMAIL PROTECTED] On Behalf Of Ron 
          Croonenberg
          Sent: Wednesday, August 24, 2005 11:36 AM
          To: [email protected]
          Subject: [OpenAFS] running vos from "another" machine
          
          
          Hello all,
          
          I want a machine that is not "per se" an OpenAFS client or 
          server to be
          able to run vos so I can dump volumes in a cell.
          
          (Actually what I want is "a" machine to run OpenAFS so 
          that I can use
          vos on it, but I don't want anyone with an afs account to 
          be able to log
          in to the box, except an OpenAFS admin maybe.)
          
          Can that be done ? (and if so what do I need ?)
          
          thanks,
          
          Ron
          
          _______________________________________________
          OpenAFS-info mailing list
          [email protected]
          https://lists.openafs.org/mailman/listinfo/openafs-info
          
     
     
     
     


_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to