[OpenAFS] ssh+afs logins fail on IRIX 6.5.15
David R. Steiner
david.r.steiner@Dartmouth.EDU
Thu, 30 May 2002 09:28:07 -0400
At 8:11 -0400 5/30/02, Dave McMurtrie wrote:
> > What I am trying to figure out is:
>>
>> If kaserver uses udp 7004, how is it that when I successfully login,
>> sshd in debug mode reports that it is using the default port udp 750?
>
>Because you've configured openssh to do kerberos v4 authentication, not
>afs authentication. That's also why you don't have access to your afs
>homedir after you've successfully authenticated. A kerberos ticket does
>not give you afs access. An afs token does.
Ok, I understand that a krb ticket != afs token.
>You can configure openssh to
>pass your afs token to the remote machine. That should solve your
>problem. However, if your afs users can log in via console and everything
>afs works, I suspect that what you really want to do is make openssh just
>do the afs authentication instead of krb-v4.
So, just how does one do this? AFSTokenPassing and KerberosTgtPassing
are both set to "yes" in /etc/ssh/sshd_config. Is there something
else that needs to be done?
TIA
--
David R. Steiner david.r.steiner@dartmouth.edu
UNIX System Manager Phone: 603.646.3127
Dartmouth College Fax: 603.646.1041