[OpenAFS-devel] How can I use rsh to connect with AFS
Neulinger, Nathan
nneul@umr.edu
Mon, 14 Jan 2002 09:36:45 -0600
I strongly suggest against using that inetd or any of the sortof-afsized rsh
tools that come with afs. You're much better off installing kerberos.
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
> -----Original Message-----
> From: Charles Clancy [mailto:security@xauth.net]
> Sent: Monday, January 14, 2002 9:32 AM
> To: openafs-devel@openafs.org
> Cc: u85021@ice.ntnu.edu.tw
> Subject: Re: [OpenAFS-devel] How can I use rsh to connect with AFS
>
>
> > > > The problem is that rsh does not forward tickets/tokens
> so you don't
> > > > have any AFS priviledges on the remote (server) machine.
> > >
> > > If you have issued forwardable krb5 tickets and a rsh
> that can forward
> > > these tickets and a afslog program that can turn these forwarded
> > > tickets into tokens on the target machine it works. I
> suppose you do
> > > not have all of the above in place. The Heimdal krb5 package has
> > > the building pieces to make this work.
> >
> > So does MIT Krb5, but it sounded like they were using KAServer...
>
> Can't you just use the pam_afs.krb modules to keep your K4 TGT around,
> forward that, and then use afslog? Works with SSH.
>
> Also, I the inetd that comes with AFS automatically does
> token passing for
> you. See "Using UNIX Remote Services in the AFS Environment"
> in the AFS
> admin guide and AFS admin reference:
>
http://www.cs.rose-hulman.edu/docs/afs-doc/html/AdminGd/auagd007.htm#HDRWQ78
and
http://www.cs.rose-hulman.edu/docs/afs-doc/html/AdminRef/auarf179.htm#HDRINE
TD
--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy
_______________________________________________
OpenAFS-devel mailing list
OpenAFS-devel@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-devel