[OpenAFS] Re: CVS, GSSAPI, and AFS tokens

[Jeff Blaine]

Douglas E. Engert wrote:
> Jeff Blaine wrote:
>> Feeding results back for others -- the following appears to
>> work fine so far.  I cleared all creds on the server for
>> user jblaine (krb5 and AFS tokens) and was able to checkout
>> from AFS ACL-protected space lacking system:anyuser privs.
>>
>> Client:
>>
>>     CVS_RSH=/usr/bin/ssh
>>     CVSROOT=:ext:jblaine@whatever.com:/afs/my/cvsroot
>>
>> Server:
>>
>>     sshd configured for PAM auth +
>>     pam_krb5.so (Russ Alberry's) +
>>     pam_afs_session.so
>>
>> I've yet to try to figure it all out with ticket forwarding.
> 
> Sounds like it did forward, and sshd uses pam_afs_session to get the
> token.

No, I'm being asked for a password by pam_krb5.so.  I haven't
determined why yet.  I'll be sure to post if I figure it out.