[OpenAFS] debian-gssapi works, partly...
Lars Schimmer
l.schimmer@cgv.tugraz.at
Fri, 26 Jan 2007 10:24:57 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sergio Gelato wrote:
> * Massimiliano Masi [2007-01-18 22:29:02 +0100]:
>> I would like to use GSSAPIAuthentication with ssh-krb5 package
>> on debian.=20
>=20
> In addition to the good advice from Simon Wilkinson and Doug Engert,
> you should be aware that the ssh-krb5 package in Debian sarge (there
> is no such package in etch) needs a few patches (was it 918 and 922
> from the OpenSSH bug tracker?) before it will work. You may find my
> http://www.astro.su.se/~gelato/debian/openssh-krb5_3.8.1p1-7.sg3.diff.g=
z
> to be of interest. (The .dsc and the .orig.tar.gz are in the same
> directory, although I'd recommend getting the .orig.tar.gz from a
> (signed) official Debian mirror instead -- they should be identical.)
No, thats not the case in "etch".
In Etch there is now the openssh-client and openssh-server packages
which are gssapi-enabled.
Here it works fine with ticket forwarding.
http://lists.openafs.org/pipermail/openafs-info/2006-March/022064.html
and
https://www-s.acm.uiuc.edu/wiki/space/Setting+up+SSH+on+Debian
are helpful.
But with latest openssh on etch I=B4ve got the problem that I don=B4t obt=
ain
a token while logging in via SSH from putty or a PC without gssapi.
While logging in via gdm local to kdm obtains a token and logging in
with ticket forwarding obtains me a token.
I tried to builtin pam debug, but yet no luck with that...
MfG,
Lars Schimmer
- --
- -------------------------------------------------------------
TU Graz, Institut f=FCr ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFucjpmWhuE0qbFyMRAmCNAJ40/ch2YoSJ62G3P8SJZAzPQmQtywCdGd3E
OK2Kaagu74jTRIKwV8MS9Qc=3D
=3DQfRl
-----END PGP SIGNATURE-----