[OpenAFS-devel] AFS and SSH once again

Matthew Kolb m.kolb@mac.com
Fri, 16 Nov 2007 19:49:42 -0500


On Nov 16, 2007, at 6:27 PM, Simon Wilkinson wrote:

>
> On 16 Nov 2007, at 23:12, Russ Allbery wrote:
>
>>
>> pam_afs creates a PAG and a token in a subprocess of ssh that is  
>> discarded
>> after authentication.  If this works on Solaris, I don't know how.
>
> SunSSH doesn't use the same mechanism for intertwining the PAM and  
> SSH event loops that OpenSSH uses. In particular, I believe that  
> SunSSH preserves the behaviour that the authentication stack is  
> executed by a process that is an ancestor of the child shell.

Thanks for the additional information.  The code is all available  
(well, mostly) http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/ssh/
and there are some differences that the Sun SSH team took the time to  
point out, at least with the privsep.  I hadn't realized that the  
branch of SUNWssh* from OpenSSH was as substantial as it appears to be.

./mk
-- 
Matthew Kolb
m.kolb@mac.com