[OpenAFS-devel] Re: [OpenAFS] AFS / PAM / SSH / (w/o Kerberos)

TOBx TOBx@gmx.de
Sat, 11 Dec 2004 21:31:40 +0100


> If you are *really* stuck with Kerberos v4 via the kaserver but still want
> to forward tickets, you can use:

Maybe you got me wrong, because of my bad explanation of the problem. ;-(

I don't want to do any token passing.

The situation is as follows:

There are a couple of AFS-Server (and Client) machines with sshd running.
Additionally there are some unix-boxes w/o AFS but with the ssh client program.

Now what I want is that someone who is logged on to one of those
"non-AFS-unix-boxes" is able to ssh to one of the AFS-Servers and is
authenticated via the pam-ssh module running on the AFS machines.
(This step works fine already)
Additionally I want an AFS-token to be created on the AFS-Server the
person logged on to, so that he doesn't have to call 'klog' every time after
the login. (The pam_afs-module has a "set_token" parameter which does
not work in my situation!?)



In "real life" this should look like this:

--
foo:/ # ssh -l user1 AFS_Server1
password: xxx

AFS_Server1:/HOMEDIR user1$ tokens

Tokens held by the Cache Manager:

-- a valid token for user1 --
AFS_Server1:/HOMEDIR user1$