[OpenAFS] optaining a token after openssh GSSAPI credential-delegation

Garance A Drosihn drosih@rpi.edu
Tue, 13 Sep 2005 23:40:27 -0400


At 2:17 PM -0500 9/12/05, Douglas E. Engert wrote:
>See
>https://lists.openafs.org/pipermail/openafs-info/2005-May/017905.html
>This shows how to use PAM with ssh. It also works on Solaris 10.

It happens that I'm in the middle of trying to compile the latest
openssh on some solaris 8 boxes.  We have an older version of openSSH
compiled (with a few kludges) and working, but I wanted to get our
OpenSSH world on better footing.  These machines are also still
running an older version of OpenAFS (1.2.11).  I did at least build
the latest versions of OpenSSL and Heimdal.

What I've put together so far is *almost* working.  I can ssh into
the box, and it will ask for and correctly check my password.  But
it logs me in without any AFS credentials.  If I then do a 'kinit',
I end up with both kerberos and AFS credentials.  I'm about 98% sure
the problem is that I'm still using the PAM module from our previous
setup.  Not much of a surprise there...

Looking at the above URL, I am not sure that it will help me.  Would
this depend on a newer version of OpenAFS?  Does it depend on Solaris
10 (instead of 8)?  In your message from May, you said you were still
working on the pam.conf changes for Solaris 10.  Do you have that
done at this point?

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu