[OpenAFS-devel] AFS and SSH once again
Russ Allbery
rra@stanford.edu
Fri, 16 Nov 2007 15:12:01 -0800
Matthew Kolb <m.kolb@mac.com> writes:
> On Nov 16, 2007, at 2:44 PM, Russ Allbery wrote:
>> pam_afs doen't work properly with ssh because it tries to do all of its
>> work in the auth stack instead of using the session stack to set up
>> tokens.
> Can you clarify this Russ? I am using pam with sshd-kbdint and it works
> properly (I'm given a token) on Solaris 10.
pam_afs creates a PAG and a token in a subprocess of ssh that is discarded
after authentication. If this works on Solaris, I don't know how.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>