[OpenAFS] SFTP <-> AFS
Christopher D. Clausen
cclausen@acm.org
Fri, 13 Oct 2006 19:23:16 -0500
Adam Megacz <megacz@cs.berkeley.edu> wrote:
> Is there any advice out there on setting up SFTP access to AFS with
> cross-realm authentication?
>
> The idea is that you would supply user@REALMCELL as your username and
> your Kerberos password as the password. Remote users should not be
> able to start interactive shell sessions or remotely execute commands.
>
> Essentially, I'm looking for something that does for SFTP what
> mod_waklog does for HTTP. Ideally that would mean not trying to do a
> setuid() to the user's PTS id, but rather just picking up and dropping
> tokens.
Just set up Kerberized SSH and then set user shells to something that
only allows SFTP. I assume that actually running a shell as the user
wouldn't be a problem?
<<CDC
--
Christopher D. Clausen
ACM@UIUC SysAdmin
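
One way the suggestion in the reply above could look in OpenSSH, as an added example that is not part of the original message or of any OpenAFS code. It swaps the restricted login shell for sshd's ForceCommand with the in-process SFTP server, assumes an sshd built with Kerberos and AFS support, and uses a hypothetical group name "sftponly"; it does not address the user@REALMCELL username form from the question.

```conf
# sshd_config fragment (added example; the group "sftponly" is hypothetical)

# Accept the user's Kerberos password and validate it against the KDC,
# with no fallback to local password files.
PasswordAuthentication yes
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes

# Acquire an AFS token from the user's TGT before the home directory
# is accessed. Has an effect only when sshd is built with AFS support.
KerberosGetAFSToken yes

# Also accept clients that already hold Kerberos tickets.
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

# Serve SFTP from inside sshd so no external helper binary is needed.
Subsystem sftp internal-sftp

# Members of this group get SFTP only: no shell, no remote commands,
# no terminal, no forwarding.
Match Group sftponly
    ForceCommand internal-sftp
    PermitTTY no
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -t` after editing checks the file for syntax errors before the daemon is reloaded.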