[OpenAFS] AFS/UNIX attributes, home directories in AFS

Derrick J Brashear shadow@dementia.org
Tue, 16 Sep 2003 21:28:06 -0400 (EDT)


On Tue, 16 Sep 2003, Russ Allbery wrote:

> You either always require that the user do password authentication with
> SSH, you use the support for AFS token passing (which we had to modify
> slightly to get it to really work and which currently requires protocol
> version one and therefore isn't a very good option), or you use Kerberos
> authentication with ticket forwarding and then set up your shell
> initialization files to obtain AFS tokens from Kerberos tickets.  In
> practice, unless you're happy with SSH protocol version one, this last
> alternative will require making AFS work with Kerberos v5.

Doing gssapi cred delegation and using the delegated cred to get an afs
token should be easily doable.