[OpenAFS] AFS, SSH and PAM
Dean Anderson
dean@av8.com
Sun, 21 Dec 2003 16:59:59 -0500 (EST)
> Message: 2
> Date: Sat, 20 Dec 2003 14:56:12 -0800
> From: Raymond <support@bigriverinfotech.com>
> To: openafs-info@openafs.org
> Subject: [OpenAFS] AFS, SSH and PAM
>
> Considering AFS for file sharing on the Fedora 1.0 platform.
>
> What are the advantages and disadvantages over Samba?
>
> Require ssh tunneling to a localhosted AFS server and system
> authentication, preferably via pam.
>
> Is this possible?
Yes. Openssh works, but I'm not real happy with openssh. Its pam support
is kind of dubious---it doesn't work with regular ssh clients like it
should. This is a bug in openssh, but the openssh team is uninterested.
Probably need a new ssh distribution.
You have to have the following in your sshd_config:
usepam yes
UsePrivilegeSeparation no
Be sure to get 3.7.1p2, due to root exploit.
--Dean