|
Size: 611
Comment:
|
Size: 678
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 13: | Line 13: |
| Speaking of Kerberos login, it's useful to mention/remind ourselves of the ''~/.k5login'' feature (see manpage). | Speaking of Kerberos login, it's useful to mention/remind ourselves of the ''~/.k5login'' feature (see manpage). We don't rely on this anywhere, but as said, useful to know about. |
1. Authentication Scheme
Regarding the exact authentication mechanism on HCoop. Each machine is unconditionally configured in one of the modes:
- No user logins are allowed
- User logins allowed, go through Kerberos and AFS
- User logins allowed, go through local Unix authentication, on local disk
All login configuration is done through PAM (/etc/pam.d/* files).
If /etc/login.restrict file is present, it automatically limits logins only to accounts listed in the file.
Speaking of Kerberos login, it's useful to mention/remind ourselves of the ~/.k5login feature (see manpage). We don't rely on this anywhere, but as said, useful to know about.