[OpenAFS-devel] How can I use rsh to connect with AFS
Charles Clancy
security@xauth.net
Tue, 15 Jan 2002 23:22:45 -0600 (CST)
> That would be because (a) Kerberos V4 doesn't have ticket forwarding, and
> (b) these things likely predate AFS's use of Kerberos.
Then how does this work (sshd_config):
KerberosAuthentication yes
KerberosOrLocalPasswd yes
AFSTokenPassing yes
KerberosTicketCleanup no
for [Open]SSH's --with-kerberos4 / --with-afs ?
When you say Kerberos V4 doesn't have ticket forwarding, do you mean that
Kerberos can only do authentication with one's TGT, and then one would
have to manually obtain other Kerberos tickets? Or do you mean no TGT
passing either?
If one used klog.krb, and the kerberized (V4) r* utilities, and afslog on
the other end, would this be more secure than the AFS r* utilities?
--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy