[OpenAFS] ssh and GSSAPI doesn't work
Thu, 25 Jan 2007 23:23:25 +0000
On 18 Jan 2007, at 21:29, Massimiliano Masi wrote:
> Hi all,
> I would like to use GSSAPIAuthentication with ssh-krb5 package
> on debian.
Firstly, you need to have credential delegation enabled. You need
GSSAPIDelegateCredentials yes in the client configuration file, or
the client command line.
Secondly, you'll need a mechanism to get AFS tokens following a
successfully forwarded Kerberos connection. Locally, we use PAM with
Doug Engert's pam_afs2 module.
There are other details that may cause you issues, due to the
interesting way that PAM and OpenSSH interface with each other. Using
'PasswordAuthentication' rather than
'ChallengeResponseAuthentication' can help to reduce these in some