[OpenAFS-devel] getting a token on login - Debian comment

Tim Spriggs tims@lpl.arizona.edu
Tue, 5 Jul 2005 07:10:05 -0700 (MST)


On Tue, 5 Jul 2005, Terry Gliedt wrote:

> Josh Fiske wrote:
> > Hi all,
> >
> > I have been struggling with a lingering issue for the past several days. I
> > am in the process of setting up a public login box for a number of users
> > whose home directories are stored in AFS.  As such, it is necessary for
> > them to obtain a token upon login (via ssh).  I have read a bit of the
> > older posts to this list and haven't found much that helps me...
> >
> > Tidbits:
> >   - We currently have a Krb4 based AFS cell.
> >   - I understand that AFS support was dropped from OpenSSH a while ago
> >   - I would prefer to be able to continue using SSH v2
> >   - I currently have PAM setup to authenticate a user to AFS, but once
> > logged in this user does not get a token
> >
> > Any thoughts or pointers would be appreciated,
>
> I just spent three days to discover that Debian unstable has an ssh
> package that failed to have 'Use PAM yes' in /etc/ssh/sshd_config. Drove
> me crazy before I found it. Maybe you too?  Good luck

Also interesting about the Debian afs packages is the lack of kaserver. It
took me a while to find out that the package maintainer explicitly leaves
it out under the guise that new server installations should not use it.

-Tim

  /++--._.--++\  .                     _.-._
       \|/                           /+
        |       /|\  /| _.-._.-._   <{
        +        |    |/         \   \_
       /_\      _|_   |           |    ^=-._
                                            \
Lunar and Planetary Lab                     }>
(520) 626 - 4991 -- SS 416                 _/
_______________________________________.-=$/  <|>

1629 E. University Blvd.
University of Arizona