[OpenAFS-devel] Re: [OpenAFS] AFS / PAM / SSH / (w/o Kerberos)

[Russ Allbery]

Derek Atkins <warlord@MIT.EDU> writes:

> It doesn't seem to matter with SSH.

> Also, if you're using KAserver then you only have krb4 and therefore
> you cannot forward kerberos tickets.  That means the ssh server has
> nothing to use to obtain an AFS token.

If you are *really* stuck with Kerberos v4 via the kaserver but still want
to forward tickets, you can use:

    <http://www.eyrie.org/~eagle/software/kftgt/>

and wrapper ssh to call it first.  You may have to tweak things to get
KRBTKFILE set to a predictable value.

Please note that I do *not* recommend doing this.  Going to Kerberos v5 is
a much better idea.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>