That's not a problem; that's how it's supposed to work.

Think about it this way. Say you have a cell with, oh, 40,000 active
users (like us), and your desktop machine is an AFS client. How do you
control which of those 40,000 people can log in to your machine? You
only put in /etc/passwd those people you want to be able to log in.

[You old timers who've heard this propup bit before can stop reading. Bye.]

However, sometimes you set up a machine that you want anybody in your
cell to be able to log in to. In that case, you can update your
/etc/passwd whenever you add people to your cell. Or you can make a
variant of http://www.unc.edu/~utoddl/propup.tar.gz. Propup is a little
PAM module that reads a list of valid ids from a file in AFS and if
necessary updates your /etc/passwd file with a new entry if the user
trying to log in is not already there and he should be. Feel free to
modify it to get its data from wherever you like. This was a
quick-n-dirty excuse to play with PAM, and although it works, it's still
dirty. :)
Cheers,
--
+--------------------------------------------------------------+
/ [EMAIL PROTECTED] 919-962-5273 http://www.unc.edu/~utoddl /
/ Those who jump off a Paris bridge are in Seine. /
+--------------------------------------------------------------+
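
The decision propup is described as making above (add a local entry only for a user who is on the cell's list and not yet in /etc/passwd), written out as an added example; it is not propup's code and not from anyone in this thread. The list format (one passwd(5)-style line per user), the function names and the sample entries are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data. Assumed list format: one passwd(5) line per cell user. */
static const char SAMPLE_ALLOW[] =
    "cowboy:x:5001:100:Cow Boy:/afs/example.org/u/cowboy:/bin/sh\n"
    "rootish:x:0:0:bad entry:/root:/bin/sh\n";
static const char SAMPLE_PASSWD[] = "root:x:0:0:root:/root:/bin/sh\n";

/* Accept only names that cannot inject ':' or newlines into /etc/passwd. */
static int valid_name(const char *u) {
    size_t n = strlen(u);
    return n > 0 && n <= 32 && u[0] >= 'a' && u[0] <= 'z' &&
           strspn(u, "abcdefghijklmnopqrstuvwxyz0123456789_-") == n;
}

/* Return the line whose first field is exactly user (length in *len), or NULL. */
static const char *find_entry(const char *buf, const char *user, size_t *len) {
    size_t ulen = strlen(user);
    while (buf && *buf) {
        const char *eol = strchr(buf, '\n');
        *len = eol ? (size_t)(eol - buf) : strlen(buf);
        if (*len > ulen && !strncmp(buf, user, ulen) && buf[ulen] == ':') return buf;
        buf = eol ? eol + 1 : NULL;
    }
    return NULL;
}

/* 1: append out to passwd; 0: user already local; -1: refuse (hypothetical API). */
int propup_decide(const char *allow, const char *passwd, const char *user, char *out, size_t outsz) {
    size_t len, d; int colons = 0; char *uid = NULL;
    if (!valid_name(user)) return -1;
    if (find_entry(passwd, user, &len)) return 0;   /* never overwrite a local entry */
    const char *e = find_entry(allow, user, &len);
    if (!e || len + 1 > outsz) return -1;           /* not on the list, or too long */
    memcpy(out, e, len); out[len] = '\0';
    for (char *p = out; *p; p++)
        if (*p == ':' && ++colons == 2) uid = p + 1;
    if (colons != 6) return -1;                     /* malformed: not 7 fields */
    d = strspn(uid, "0123456789");                  /* uid must be all digits */
    if (d == 0 || d > 9 || uid[d] != ':' || strtoul(uid, NULL, 10) == 0) return -1;
    return 1;                                       /* uid 0 from the list is refused */
}

int main(void) {
    char line[256];
    if (propup_decide(SAMPLE_ALLOW, SAMPLE_PASSWD, "cowboy", line, sizeof line) == 1) puts(line);
    return 0;
}
```

Writing the returned line to /etc/passwd is left out; that step needs the passwd lock (lckpwdf(3)) and an atomic replace of the file.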
Ron Croonenberg wrote:

Hi Derrick,
yes then it works. (and yes I use shadow)
When the username is in /etc/passwd and the password is different than
the afs password it does get logged in, gets an afs token and gets
the uid homedirectory shell info etc from ldap.
However, when I don't have a "local" userid, it doesn't work.
(Sounds like it is not an OpenAFS issue, but there must be more people
that ran into that problem)
Ron

Derrick J Brashear <[EMAIL PROTECTED]> 10/27/05 12:48 PM >>>
And the username in question is listed in /etc/passwd (and /etc/shadow
if you use shadow) right?

On Thu, 27 Oct 2005, Ron Croonenberg wrote:
I am trying to debug pam logging in to afs.
Before pam_afs and pam_unix are used sshd already complains that the
user that I try to login with is an illegal user.
(oort sshd[68250]: Illegal user cowboy from aaa.bbb.ccc.ddd)
Does that mean that sshd is not aware that there are other accounts,
OpenAFS accounts, than local accounts?
If that's the case how do I make sshd afs aware?
(on "other" Linux machines I never ran into that problem)
thanks,
Ron
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info