Morris Strongson <[EMAIL PROTECTED]> writes:
> Is there any way to make specific users' AFS accounts/passwords
> inaccessible without deleting their accounts completely?
Yes, set the account NOTGS. kas setf <username> notgs. This disables
their ability to obtain a TGT from the Kerberos server. (Note that this
assumes that you're running the AFS kaserver; you may need to use a
different procedure if you're running a separate Kerberos realm.)
> If so, how can this be reversed?
kas setf <username> tgs
See the documentation for kas for other options and the commands to view
accounts.
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
