[OpenAFS-devel] New OpenSSH
sxw@inf.ed.ac.uk
sxw@inf.ed.ac.uk
Wed, 25 Feb 2004 00:02:31 +0000 (GMT)
On Wed, 25 Feb 2004, Andrei Maslennikov wrote:
> On Tue, 24 Feb 2004, Jim Rees wrote:
>
> 1) gssapi was replaced with gssapi-with-mic, and this means that
> ssh_config now should contain:
Also note that gssapi-with-mic is incompatible with the 'gssapi' userauth
authentication method in 3.7, and earlier in my patches. There is also no
support for GSSAPI key exchange.
> 3) Connecting from a session wit k5 creds:
> ---------------------------------------
> GSSAPI authentication works and K5 credentials are being
> forwarded correctly. However, while I am admitted to the host
> with gssapi-with-mic, I am not getting token/pagsh anymore
> (like in case of K5-password login).
Yes. The code paths here are completely different, and the AFS code in
OpenSSH is only invoked if a credentials cache is obtained directly
through Kerberos (rather than through GSSAPI).
Cheers,
Simon.