[OpenAFS] .k5login error

lamont@scriptkiddie.org lamont@scriptkiddie.org
Wed, 10 Nov 2004 13:39:48 -0800 (PST)


check your openssh's config.h for the settings:

/* #undef LOCKED_PASSWD_STRING */
/* #undef LOCKED_PASSWD_PREFIX */
/* #undef LOCKED_PASSWD_SUBSTR */

for linux this gets set to:

#define LOCKED_PASSWD_PREFIX "!"

so that "!!" in the passwd field will lock the account so that no matter 
what principles you have, you won't be able to login.

you should see sshd on the machine syslogging that the account is locked 
if i'm right...

On Wed, 10 Nov 2004, Wes Chow wrote:
> I have a peculiar problem which I'm having trouble debugging...
>
> I'm trying to configure a special passwordless user that certain
> principals can log in as.  To do this, I've created a .k5login file in
> that user's AFS home directory with the appropriate principals listed.
>
> After obtaining Kerberos tokens, I can use telnet to log in as this
> user.  However, ssh doesn't work.  The user's home directory has
> system:anyuser rl rights, and the .k5login file is world readable.
>
> If I create a .k5login file in root's home directory, which is not on
> AFS, both telnet and ssh work.
>
> Any thoughts as to what I should investigate?
>
> Thanks,
> Wes
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>