[OpenAFS] OpenSSH with krb and afs
Peter Nelson
pnelson@andrew.cmu.edu
Fri, 20 Aug 2004 19:59:55 -0500
Douglas E. Engert wrote:
> Peter Nelson wrote:
>
>> So after a few hours of hacking around I finally have kerberos-based
>> authentication *almost* completely work. I'm using a combination of
>> pam_krb5 and pam_openafs_session for login to get tickets and tokens
>> and that works fine. I read however that ssh's privilage seperation
>> breaks the pam modules so I'm using kerberos built into ssh. Here is
>> the relevent configuration I have from sshd_config that almost works:
>
> The problem is most likely that when you use the GSSAPI, the GSSPAI
> will store the credentials and set the KRB5CCNAME environment variable,
> but the OpenSSH code is session.c:
Thanks for the pointer. I did a bit more searching and found a patch on
the openssh mailing list that fixes up at code in session.c to use the
gssapi credentials. Seems to be working perfectly so I wonder why the
patch wasn't accepted.
<http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=107784415709841&w=2>
-Peter