On Wed, Aug 24, 2005 at 06:48:11PM -0500, Ron Croonenberg wrote: > What I want is a local user on "that" machine (a backup server) to run > vos and create dumpfiles on that machine. Only very few (uuhh just > me....) are allowed on that machine. > I know I need to install afs in some sort of fashio, that's ok BUT I do > not want anyone to be able to log in to that backup server. (So yes I > need afs installed, possibly the client even...but if the client needs > to be on there ...I DON'T want any "regular" users (or any afs users) to > be able to log into that machine.
Absolutely possible with PAM, e.g.: auth required pam_krb5.so account required pam_unix.so session optional pam_openafs_session.so session required pam_unix.so and just put yourself with any UID/GID of your choice into /etc/passwd. Authorization via Kerberos accepts the passwords of all of your users but they fail because of no Unix-account (if you didn't insert funky stuff into your nsswitch.conf that is). And with the configuration above you should also get an AFS token and a PAG. What's more to want? ;-) Cheers Thimo
signature.asc
Description: Digital signature