[OpenAFS-devel] getting a token on login

Josh Fiske jfiske@clarkson.edu
Tue, 5 Jul 2005 14:49:17 -0400



Russ,

I would appreciate seeing the patches.  Though it should be noted that I 
am trying to make this work with RHEL4/FC4.  Perhaps your patches will 
lead me towards something useful.  If you'd prefer, you can send them to 
me off-list.

Thanks,

-- Josh
- - - - -
Joshua Fiske, Network and Security Engineer
Clarkson University, Office of Information Technology
(315) 268-6722 -- Fax: (315) 268-6570
jfiske@clarkson.edu



Russ Allbery <rra@stanford.edu> 
Sent by: openafs-devel-admin@openafs.org
07/05/2005 01:04 PM

To: openafs-devel@openafs.org
cc:
Subject: Re: [OpenAFS-devel] getting a token on login

Josh Fiske <jfiske@clarkson.edu> writes:

> I have been struggling with a lingering issue for the past several
> days. I am in the process of setting up a public login box for a number
> of users whose home directories are stored in AFS.  As such, it is
> necessary for them to obtain a token upon login (via ssh).  I have read
> a bit of the older posts to this list and haven't found much that helps
> me...

> Tidbits:
>   - We currently have a Krb4 based AFS cell.
>   - I understand that AFS support was dropped from OpenSSH a while ago
>   - I would prefer to be able to continue using SSH v2
>   - I currently have PAM set up to authenticate a user to AFS, but once
>     logged in this user does not get a token

> Any thoughts or pointers would be appreciated,

The PAM module that comes with OpenAFS works for me with Debian's ssh if
and only if one links it against the libafsrpc and libafsauthent libraries
and -lpthread.  Note that this means linking non-PIC code into a shared
object, which means it will work on x86 but may not work on other Linux
platforms.  On non-Linux, this should be even easier since the pthread
stuff shouldn't be required and you should be able to just use the AFS PAM
module as is.

I have patches and whatnot I can provide if desired.

Note, however, that I have had exactly no luck getting it to work with the
ssh that comes with RHEL4, for reasons that I don't understand.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
_______________________________________________
OpenAFS-devel mailing list
OpenAFS-devel@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-devel

