[OpenAFS-devel] Re: [OpenAFS] AFS / PAM / SSH / (w/o Kerberos)

Derek Atkins warlord@MIT.EDU
Sat, 11 Dec 2004 13:17:28 -0500


TOBx <TOBx@gmx.de> writes:

>> The problem is most likely that a token and PAG may be obtained, but under
>> the wrong process, because of the Priv Sep code.
>
> No, that's not the situation. I set the
> 'UsePrivilegeSeparation' option to 'no' in the sshd conf.

It doesn't seem to matter with SSH.

Also, if you're using KAserver then you only have krb4 and therefore
you cannot forward Kerberos tickets.  That means the ssh server has
nothing to use to obtain an AFS token.

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available