[OpenAFS] SSH: pag after ticket forwarding
John Koyle
jkoyle@rfpdepot.com
Thu, 24 Feb 2005 16:34:43 -0700
Franco "Sensei" wrote:
> Hi.
>
> I'm using openssh 3.9p1 for sso under various distributions: mainly
> debian which ships with openssh 3.4p1, suse and rh (the latter is not
> so important for me now). My environment is openafs (no kaserver), mit
> kerberos 5.
>
> Suse user heimdal, so kinit gets tickets and a token directly. I can
> ssh without passwords between suse machines but I can't get the
> respective token:
>
Make sure you are using the pam module. Here's the
/etc/security/pam_unix2.conf file on all my suse systems:
auth: call_modules=krb5afs nullok
account: use_ldap call_modules=krb5afs
password: call_modules=krb5afs nullok
session: none
You may not have LDAP installed on your systems though, so the main
thing you're after is the krb5afs entries. I am using the stock OpenSSH
and OpenAFS on all my SuSE boxes and everything works fine, no patches
needed.
John