[OpenAFS] ticket/token forwarding debian - info
Christopher D. Clausen
cclausen@acm.org
Fri, 31 Mar 2006 09:25:23 -0600
Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:
> After some time with krb5 and pam working but with no ticket
> forwarding I want to set that up.
> Anyone got krb5-ticket forwarding with automatic token generation on
> remote debian pc running and has tips for me to set this up?
https://www-s.acm.uiuc.edu/wiki/space/Setting+up+SSH+on+Debian
And you want to install libpam-openafs-session and add it to the
appropriate PAM config files as well. The ssh-krb5 package should by
default always run through the PAM routines, even when using forwarded
credentials so that you always get tokens.
I can post my PAM configs as well if that is desired, but I basically
copied ones I found in various mailing list archive posts,
http://mailman.mit.edu/pipermail/kerberos/2004-October/006621.html
> And does this work from winxp krb5 to debian krb5, too?
What do you mean by "winxp krb5"?
I use a GSSAPI modified version of putty (bottom of:
http://www.sweb.cz/v_t_m/ ) to connect to my Debian (and Solaris and
AIX) machines using Kerberos credentials from the MIT krb5cc. It should
work as well from the MS SSPI (might need to run an ms2mit command to
pull MS creds into MIT krb5cc first though, depending upon enc_types and
other stuff.)
<<CDC
--
Christopher D. Clausen
ACM@UIUC SysAdmin
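
The setup described in the message above can be checked with a short script. This is an added example, not part of the original post and not the poster's configuration: it audits the three places the setup depends on (sshd config, ssh client config, PAM session stack). The option names are stock OpenSSH keywords; the module filename `pam_openafs_session.so` and the simplified parsing (Host/Match blocks are ignored) are assumptions.

```shell
#!/bin/sh
# Added example: audit the pieces needed for Kerberos ticket forwarding with
# AFS token creation over SSH. Usage: script SSHD_CONFIG SSH_CONFIG PAM_FILE
# Assumption: the PAM module shipped by libpam-openafs-session has this name.
PAM_MODULE=${PAM_MODULE:-pam_openafs_session.so}

# Print the first value set for KEYWORD in an ssh/sshd config file.
# Keywords are case-insensitive and may use "Keyword=value".
# Simplification: Host/Match block scoping is not evaluated.
ssh_opt() {  # usage: ssh_opt FILE KEYWORD
    awk -v k="$2" 'BEGIN { k = tolower(k) }
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }
        tolower($1) == k { print tolower($2); exit }' "$1"
}

# Succeed if FILE has an uncommented session line that loads MODULE, given
# either as a bare name or as a full path. The scan starts at field 3
# because a bracketed control value can itself contain spaces.
pam_has_session_module() {  # usage: pam_has_session_module FILE MODULE
    awk -v m="$2" '/^[ \t]*#/ { next }
        $1 == "session" || $1 == "-session" {
            for (i = 3; i <= NF; i++) {
                n = length($i) - length(m)
                if ($i == m || (n > 0 && substr($i, n) == "/" m)) found = 1
            }
        }
        END { exit !found }' "$1"
}

# Report every missing prerequisite; return non-zero if any is missing.
audit_forwarding() {  # usage: audit_forwarding SSHD_CONFIG SSH_CONFIG PAM_FILE
    rc=0
    for kw in GSSAPIAuthentication UsePAM; do
        [ "$(ssh_opt "$1" "$kw")" = yes ] ||
            { echo "sshd: $kw is not 'yes'"; rc=1; }
    done
    # Without delegation the client never sends a forwardable TGT, so the
    # server side has nothing to turn into an AFS token.
    [ "$(ssh_opt "$2" GSSAPIDelegateCredentials)" = yes ] ||
        { echo "client: GSSAPIDelegateCredentials is not 'yes'"; rc=1; }
    pam_has_session_module "$3" "$PAM_MODULE" ||
        { echo "pam: no active session line for $PAM_MODULE"; rc=1; }
    return $rc
}

if [ $# -eq 3 ]; then audit_forwarding "$@"; fi
```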