[OpenAFS] (no subject)
Charles Clancy
mgrtcc@cs.rose-hulman.edu
Tue, 17 Jul 2001 09:20:36 -0500
> i just downloaded and installed openafs. so far it works great :-)
just one
> exception: secure shell. how do i get that bugger to work
Use OpenSSH with PAM. Compiling with AFS/Kerberos support is usually
not that easy. In my experience, the AFS, krb4, and Solaris libcrypto's
all fight with one another.
With OpenSSH, do the following:
./configure --with-pam --prefix=/usr/local/openssh (or whatever)
make; make install
Add the following lines to /etc/pam.conf:
sshd auth sufficient /usr/lib/security/pam_afs.so.1 ignore_root
sshd auth required /usr/lib/security/pam_unix.so.1
Make sure you copy pam_afs.so.1 from the lib directory of the OpenAFS
installation into /usr/lib/security.
I've been using this setup with OpenSSH since version 2.1, and it's
worked great. Before that, I used a PAM-patched version of SSH 1.2.27
on Solaris 7. I have managed to get AFS Token / Kerberos TGT passing
going with RSA-rhost authentication, so you can SSH around between
machines without using a password, but still keeping your AFS token.
This is extremely useful for clustering packages such as LAM-MPI.
However, in most cases, this isn't necessary, only a convenience.
_________________________________________
Charles Clancy, mgrtcc@cs.rose-hulman.edu
sysadmin emeritus - RHIT Computer Science