[OpenAFS-devel] token passing in modern ssh?
Jeffrey Hutzelman
jhutz@cmu.edu
Sat, 11 Dec 2004 19:30:59 -0500
On Saturday, December 11, 2004 13:34:26 -0500 Jim Rees <rees@umich.edu>
wrote:
> Does anyone have patches to re-enable afs token passing in modern OpenAFS
> using protocol 2?
>
> I'm not crazy about token passing but I can't think of any other way to
> get all my tokens on the remote machine without using cross-realm
> authentication. Any other suggestions?
Probably not. The supported way of doing this is to use cross-realm krb5
authentication using the 'gssapi-with-mic' mechanism, forward tickets at
that time, and use the forwarded tickets to obtain tokens.
There is not currently any mechanism defined that will allow forwarding of
credentials or AFS tokens other than as a side-effect of GSSAPI
authentication.
-- Jeff