[OpenAFS-devel] getting a token on login

Russ Allbery rra@stanford.edu
Tue, 05 Jul 2005 10:04:38 -0700


Josh Fiske <jfiske@clarkson.edu> writes:

> I have been struggling with a lingering issue for the past several
> days. I am in the process of setting up a public login box for a number
> of users whose home directories are stored in AFS.  As such, it is
> necessary for them to obtain a token upon login (via ssh).  I have read
> a bit of the older posts to this list and haven't found much that helps
> me...

> Tidbits:
>   - We currently have a Krb4 based AFS cell.
>   - I understand that AFS support was dropped from OpenSSH a while ago
>   - I would prefer to be able to continue using SSH v2
>   - I currently have PAM set up to authenticate a user to AFS, but once
> logged in this user does not get a token

> Any thoughts or pointers would be appreciated,

The PAM module that comes with OpenAFS works for me with Debian's ssh if
and only if one links it against the libafsrpc and libafsauthent libraries
and -lpthread.  Note that this means linking non-PIC code into a shared
object, which means it will work on x86 but may not work on other Linux
platforms.  On non-Linux, this should be even easier since the pthread
stuff shouldn't be required and you should be able to just use the AFS PAM
module as is.

I have patches and whatnot I can provide if desired.

Note, however, that I have had exactly no luck getting it to work with the
ssh that comes with RHEL4, for reasons that I don't understand.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>