[OpenAFS] Re: CVS, GSSAPI, and AFS tokens
Douglas E. Engert
deengert@anl.gov
Wed, 14 Nov 2007 10:59:24 -0600
Jeff Blaine wrote:
> Feeding results back for others -- the following appears to
> work fine so far. I cleared all creds on the server for
> user jblaine (krb5 and AFS tokens) and was able to checkout
> from AFS ACL-protected space lacking system:anyuser privs.
>
> Client:
>
> CVS_RSH=/usr/bin/ssh
> CVSROOT=:ext:jblaine@whatever.com:/afs/my/cvsroot
>
> Server:
>
> sshd configured for PAM auth +
> pam_krb5.so (Russ Alberry's) +
> pam_afs_session.so
>
> I've yet to try to figure it all out with ticket forwarding.
Sounds like it did forward, and sshd uses pam_afs_session to get the
token.
You could try ssh by itself, then do a klist; tokens
Or start sshd -ddd
and look at the debug as you connect to cvs.
>
> Jeff Blaine wrote:
>> How are people handling krb5 auth with CVS and also getting
>> tokens for gserver connections (GSSAPI/krb5)?
>>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444