[OpenAFS] Passwordless login through ssh on krb5/afs enabled workstation.
Jim Rees
rees@umich.edu
Thu, 8 Mar 2007 10:20:22 -0500
Alexander Al wrote:
I'll tell the user : "can't" (because he is connecting from outside.)
That's the wrong answer. This should go in a FAQ somewhere. You just need
to make the public key world readable. That's difficult because ssh wants
to put public and private keys both in the same directory, and afs puts the
same acls on all files in a directory. But with creative use of symlinks it
can certainly be done.
Here is how I do it. It's not the only way, maybe not the best way, but it
works for me.
% cd .ssh
% ls -l
total 17
-rw-r--r-- 1 rees staff 828 Nov 16 2005 authorized_keys
-rw-r--r-- 1 rees staff 62 Dec 18 17:08 check-dups
lrwxr-xr-x 1 rees wheel 14 Jan 1 1999 config -> private/config
-rw-r--r-- 1 rees staff 52 Jan 10 2006 config-um
-rw-r--r-- 1 rees wheel 31 Jan 1 1999 environment
lrwxr-xr-x 1 rees wheel 14 Oct 13 2000 id_dsa -> private/id_dsa
-rw-r--r-- 1 rees wheel 604 Oct 13 2000 id_dsa.pub
lrwxr-xr-x 1 rees wheel 14 Jun 30 2003 id_rsa -> private/id_rsa
-rw-r--r-- 1 rees staff 224 Jun 30 2003 id_rsa.pub
lrwxr-xr-x 1 rees wheel 16 Mar 7 1997 identity -> private/identity
-rw-r--r-- 1 rees wheel 333 Feb 8 1999 identity.pub
lrwxr-xr-x 1 rees wheel 19 Mar 7 1997 known_hosts -> private/known_hosts
drwxr-xr-x 2 rees wheel 2048 Mar 5 12:16 private
lrwxr-xr-x 1 rees wheel 19 Mar 7 1997 random_seed -> private/random_seed