[OpenAFS-devel] AFS and SSH once again

Matthew Kolb m.kolb@mac.com
Fri, 16 Nov 2007 15:05:45 -0500


On Nov 16, 2007, at 2:44 PM, Russ Allbery wrote:

> Atro Tossavainen <atro.tossavainen+openafs@helsinki.fi> writes:
>
>> One final point remains, though.  I can log in using AFS passwords,  
>> but
>> am not getting a token.  The distribution includes OpenSSH 4.3p2, and
>> whether set_token is included or not doesn't seem to matter.
>
>> Here is the /etc/pam.d/system-auth:
>
>> auth        required      pam_env.so
>> auth        sufficient    pam_afs.so setenv_password_expires  
>> ignore_root set_token debug
>
> pam_afs doen't work properly with ssh because it tries to do all of  
> its
> work in the auth stack instead of using the session stack to set up
> tokens.


Can you clarify this Russ?  I am using pam with sshd-kbdint and it  
works properly (I'm given a token) on Solaris 10.

./mk
-- 
Matthew Kolb
m.kolb@mac.com