[OpenAFS-devel] Re: OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos

Dean Anderson dean@av8.com
Sat, 31 Jan 2004 13:47:05 -0500 (EST)


Putty 5.3 didn't work with the afs-supplied afs pam module. and 3.7.1p2...
but maybe this can be fixed. Certainly, its a step.

My point though, is that the openssh should use the system (pam) routines
if it doesn't have any other method negotiated.  Presently, it will only
try to directly check the password file.

		--Dean

On Tue, 27 Jan 2004, James F.Hranicky wrote:

> On Tue, 27 Jan 2004 18:58:36 -0500 (EST)
> Dean Anderson <dean@av8.com> wrote:
> 
> > Nope. OpenSSH 3.7.1p1 works for me with privsep turned off. When privsep
> > is turned off, there is no subprocess.  3.7.1p1 has some additional
> > breakage, in that if your ssh client doesn't support 'interactive/pam' as
> > a method, then it won't send anything to pam. This means that only openssh
> > clients work with pam on openssh servers. E.g., putty won't work.
> 
> The latest version of putty (0.53b) does have keyboard int support, and I
> have it working fine with PAM/krb5 . 
> 
> Jim
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel
>