[OpenAFS-devel] New OpenSSH
Douglas E. Engert
deengert@anl.gov
Wed, 25 Feb 2004 10:06:56 -0600
Andrei Maslennikov wrote:
>
> On Wed, 25 Feb 2004, Douglas E. Engert wrote:
> >
> > Do you have some PAM routine yo get the AFS token?
>
> No. We have to support SSH also on pamless platforms.
>
> >
> > Did you set "KerberosGetAFSToken yes" in the sshd_config?
>
> Sure. And it works correctly for K5-password, but not with
> gssapi-with-mic. The reason why it does work in this
> way was just explained by Simon Wilkinson in his previous
> posting: it was *designed* to work in this manner.
What? I missed that note.
>
> >
> > (I have a newer version which does the setpag in the current
> > process)
>
> Please send it to me, maybe I will manage to combine it with
> 3.8p1. I first thought I could easily do the same trick as
> we did in 3.7.1p2, but I was wrong. Whatever happens, I don't
> want to renounce the passwordless and tokenized gssapi cruising
> among machines. It is just what we all want.
Will send via seperate e-mail. I got it working with 3.8p1 yesterday.
>
> Thanks and greetings - Andrei.
>
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444