[OpenAFS-devel] New OpenSSH

Douglas E. Engert deengert@anl.gov
Wed, 25 Feb 2004 10:06:56 -0600


Andrei Maslennikov wrote:
> 
> On Wed, 25 Feb 2004, Douglas E. Engert wrote:
> >
> > Do you have some PAM routine yo get the AFS token?
> 
>   No. We have to support SSH also on pamless platforms.
> 
> >
> > Did you set "KerberosGetAFSToken yes" in the sshd_config?
> 
>   Sure. And it works correctly for K5-password, but not with
>   gssapi-with-mic. The reason why it does work in this
>   way was just explained by Simon Wilkinson in his previous
>   posting: it was *designed* to work in this manner.

What? I missed that note. 

> 
> >
> > (I have a newer version which does the setpag in the current
> > process)
> 
>   Please send it to me, maybe I will manage to combine it with
>   3.8p1. I first thought I could easily do the same trick as
>   we did in 3.7.1p2, but I was wrong. Whatever happens, I don't
>   want to renounce the passwordless and tokenized gssapi cruising
>   among machines. It is just what we all want.

Will send via seperate e-mail. I got it working with 3.8p1 yesterday.

> 
>   Thanks and greetings - Andrei.
> 
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444