[OpenAFS] Re: ssh+afs logins fail on IRIX 6.5.15
Charles Clancy
security@xauth.net
Wed, 29 May 2002 15:50:38 -0500 (CDT)
> >Also, since I presume you are using kth kerberos 4, be sure you have
> >the right entries in /etc/krb.conf and /etc/krb.realms.
>
> Ok, so here is the part that shows my ignorance of kerberos. :-/ I
> did not have these files installed. After installing krb.conf, I was
> able to authenticate and log in (hurray!) but things are still not
> working quite right. I end up in my proper login directory but don't
> seem to have authorization to run my .cshrc file (~/.cshrc is a
> symlink to ~/private/.cshrc which is 755). The 'tokens' command does
> not list any tokens held by the Cache Manager.
Well, Kerberos TGT != AFS Token. Now that SSH is giving you a K4 TGT,
you'll need to run something like afslog, which comes with the kth krb4
distro, to get a token. I suspect sshd could be easily modified to do
this for you. In the past, I've just added it to /etc/csh.cshrc, in
situations where I haven't needed to support FTP.
I'm not entirely sure if this functionality is included if you do a
"--with-afs" during a ./configure or not.
[ t charles clancy ]-[ tclancy@uiuc.edu ]-[ uiuc.edu/~tclancy ]