= Authentication Scheme =

Regarding the exact authentication mechanism on HCoop. Each machine is unconditionally configured in one of the modes:

 1. No user logins are allowed
 1. User logins allowed, go through Kerberos and AFS
 1. User logins allowed, go through local Unix authentication, on local disk

All login configuration is done through PAM (/etc/pam.d/* files).

If /etc/login.restrict file is present, it automatically limits logins only to accounts listed in the file.

Speaking of Kerberos login, it's useful to mention/remind ourselves of the ''~/.k5login'' feature (see manpage). We don't rely on this anywhere, but as said, useful to know about.