[OpenAFS] afs / openssh

Johnny B . Johnny B ." <syborg@stny.rr.com
Sat, 5 Jan 2002 20:41:56 -0500


On Sat, Jan 05, 2002 at 02:36:31PM -0500, Derek Atkins wrote:
> I'm not sure what you want to do -- do you want to be able to pass AFS
> tokens through SSH?  Or do you want to be able to use AFS's Kerberos
> Authentication as a single-signon?  For the former, I believe that

I'd like to be able to connect to my AFS cell externally using ssh
protocol 2. At the moment I believe AFS support is limited to ssh1 and
thats what I'm trying to get working. My original question was if the
exact process for installing sshd w/ afs support was documented
anywhere. I got it working a long time ago (actually Brian did :-) and
I can't remember hoe he/we did it. I'll figure it out.

> OpenSSH can be configured to pass AFS tokens (but I don't know exactly
> how that works).  For the latter you need to setup Kerberos
> authentication by creating a srvtab (aka keytab) for the server and
> have your clients obtain a TGT so they can authenticate to the server
> using Kerberos.  If you want the latter, you're better off setting up
> a real Kerberos server.

I've never setup a kerberos server. It doesn't *sound* trivial but
I'll look into it. I really just want to be able to connect to my afs
cell remotely. Tomorrow (over a pot of coffee) I'll figure out whats
wrong with my setup, hopefully. 

Thanks for the food for thought!

--jb

> 
> -derek
> 
> "Johnny B ." <syborg@stny.rr.com> writes:
> 
> > Hello All
> > 
> > Is there a good document anywhere explaining how to best set up sshd
> > to authenticate with AFS? Both ssh and AFS work fine on their own, but
> > I cant get ssh to authenticate with AFS.
> > 
> > Any help or pointers to docs would be great!
> > 
> > --jb
> > 
> > +-----------------------
> > | John Bleichert                       
> > | syborg@stny.rr.com
> > 
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available

+-----------------------
| John Bleichert                       
| syborg@stny.rr.com