[OpenAFS-devel] AFS and SSH once again
Matthew Kolb
m.kolb@mac.com
Fri, 16 Nov 2007 19:49:42 -0500
On Nov 16, 2007, at 6:27 PM, Simon Wilkinson wrote:
>
> On 16 Nov 2007, at 23:12, Russ Allbery wrote:
>
>>
>> pam_afs creates a PAG and a token in a subprocess of ssh that is
>> discarded
>> after authentication. If this works on Solaris, I don't know how.
>
> SunSSH doesn't use the same mechanism for intertwining the PAM and
> SSH event loops that OpenSSH uses. In particular, I believe that
> SunSSH preserves the behaviour that the authentication stack is
> executed by a process that is an ancestor of the child shell.
Thanks for the additional information. The code is all available
(well, mostly) http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/ssh/
and there are some differences that the Sun SSH team took the time to
point out, at least with the privsep. I hadn't realized that the
branch of SUNWssh* from OpenSSH was as substantial as it appears to be.
./mk
--
Matthew Kolb
m.kolb@mac.com