[OpenAFS] kaserver vs. Kerberos IV

Christian Pfaffel flash@itp.tu-graz.ac.at
28 Oct 2002 13:55:59 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Derrick J Brashear <shadow@dementia.org> writes:

> On 27 Oct 2002, Ian Delahorne wrote:
> 
> > > 
> > > Actually, there ARE patches for kerberized SSH (I used them every day ;)
> > 
> > And it isn't on in v2 IIRC, for a reason (huge security holes is what
> > I heard from the local OpenBSD/OpenSSH developers). Or maybe that was
> > the token passing.
> 
> Give up (on the v4/AFS) stuff, use the GSS ssh patches, move along.
> 
> Yes, the token passing had bugs, but they were fixed. Sounds like FUD, but
> I still don't recommend it, just the same.
> 

Just one question: I applied Simon Wilkinson GSS ssh patches to
openssh.  Authentication to the remote host works fine, I don't need
to retype my password.

Problem is, I don't get afs tokens. I have put a line for aklog into
/etc/ssh/sshrc, but sshrc gets only executed after sshd has tried to
chdir into $HOME.

What are possible/available solutions for this problem.

Thanks for your advice,

Christian Pfaffel

- -- 
PGP-Key: http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>

iD8DBQE9vTPMzNp7/ndBhMQRArpOAJ9GyW4caxL7H92s0vsW/QPTgV0i3ACdECf0
poXyFvugB8OxqnHEos04pak=
=TUgN
-----END PGP SIGNATURE-----