[OpenAFS-devel] AFS and SSH once again
Matthew Kolb
m.kolb@mac.com
Fri, 16 Nov 2007 15:05:45 -0500
On Nov 16, 2007, at 2:44 PM, Russ Allbery wrote:
> Atro Tossavainen <atro.tossavainen+openafs@helsinki.fi> writes:
>
>> One final point remains, though. I can log in using AFS passwords,
>> but
>> am not getting a token. The distribution includes OpenSSH 4.3p2, and
>> whether set_token is included or not doesn't seem to matter.
>
>> Here is the /etc/pam.d/system-auth:
>
>> auth required pam_env.so
>> auth sufficient pam_afs.so setenv_password_expires
>> ignore_root set_token debug
>
> pam_afs doen't work properly with ssh because it tries to do all of
> its
> work in the auth stack instead of using the session stack to set up
> tokens.
Can you clarify this Russ? I am using pam with sshd-kbdint and it
works properly (I'm given a token) on Solaris 10.
./mk
--
Matthew Kolb
m.kolb@mac.com