[143] in Info-AFS_Redistribution
Re: authentication database vs. /etc/passwd ...
daemon@ATHENA.MIT.EDU (Tony_Mason@transarc.com)
Fri Jun 14 13:49:34 1991
Date: Fri, 14 Jun 1991 13:25:02 -0400 (EDT)
From: Tony_Mason@transarc.com
To: henry@ads.com, Info-AFS@transarc.com, Marybeth_Schultz@transarc.com,
In-Reply-To: <ccKCFZj0BwwO9KNbRe@transarc.com>
Craig's description of login is correct; if the AFS authentication step
fails then it falls back to the local password file. There are two
caveats here:
(1) even if AFS authentication succeeds, if the entry in the password
file is the char '*' the login will be disallowed.
(2) root is never authenticated with AFS. The password must be
available in /etc/passwd.
Implementing a change similar to that described by Craig is
straight-forward. Indeed, there is already backwards compatibility code
for handling the case where only the first eight characters were used
when the password was set and the case where all the characters were
used, so we do something very similar even now.
If you don't have source code to our modified login, the best fallback
may to simply inform your users of the need to set their AFS passwords
when they get the message:
Unable to authenticate to AFS because password was incorrect
proceeding with local authentication...
Tony Mason
mason+@transarc.com
