[OpenAFS] OS X 10.5 and kerberos ssh logins
Stephen Joyce
stephen@physics.unc.edu
Thu, 30 Jul 2009 08:39:55 -0400 (EDT)
On Wed, 29 Jul 2009, Andy Cobaugh wrote:
> Are you able to login at all _without_ GSSAPI, i.e. with a password? We're
> unable to, and that's the only major problem we're still seeing. Although
> come to think about it, this might be alleviated if we use Russ's pam_krb5,
> hmm...
Hi Andy,
I'm able to log into 10.5, getting tickets and tokens, using a password.
Russ A's pam_krb5 failed horribly for me on Leopard (it builds, with
tweaks, but fails if it tries to store the ticket after auth). The pam_krb5
from sourceforge works well, however.
Russ A's pam_afs_session does work well to get tokens. Just make sure that
pam_krb5 is "sufficient" and comes before pam_securityserver.so in your
stack.
Let me know (probably offlist) if you need any more hints.
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
PANIC - Physics and Astronomy Network Infrastructure and Computing
University of North Carolina at Chapel Hill
voice: 919.962.7214
fax: 919.962.0480