[OpenAFS] Passwordless login through ssh on krb5/afs enabled
workstation.
Walter Lamagna
wlamagna@tenroses.com.ar
Wed, 14 Mar 2007 12:30:08 -0300
I am using PAM + AFS to authenticate the user, i have given persmissions
to everybody read the .ssh directory of the users home directory, but
ssh complains with:
pam_afs[25129]: AFS Won't use illegal password for user walter
How could i resolve it ?
Thanks
Walter
On Thu, 2007-03-08 at 10:20 -0500, Jim Rees wrote:
> Alexander Al wrote:
>
> I'll tell the user : "can't" (because he is connecting from outside.)
>
> That's the wrong answer. This should go in a FAQ somewhere. You just need
> to make the public key world readable. That's difficult because ssh wants
> to put public and private keys both in the same directory, and afs puts the
> same acls on all files in a directory. But with creative use of symlinks it
> can certainly be done.
>
> Here is how I do it. It's not the only way, maybe not the best way, but it
> works for me.
>
> % cd .ssh
> % ls -l
> total 17
> -rw-r--r-- 1 rees staff 828 Nov 16 2005 authorized_keys
> -rw-r--r-- 1 rees staff 62 Dec 18 17:08 check-dups
> lrwxr-xr-x 1 rees wheel 14 Jan 1 1999 config -> private/config
> -rw-r--r-- 1 rees staff 52 Jan 10 2006 config-um
> -rw-r--r-- 1 rees wheel 31 Jan 1 1999 environment
> lrwxr-xr-x 1 rees wheel 14 Oct 13 2000 id_dsa -> private/id_dsa
> -rw-r--r-- 1 rees wheel 604 Oct 13 2000 id_dsa.pub
> lrwxr-xr-x 1 rees wheel 14 Jun 30 2003 id_rsa -> private/id_rsa
> -rw-r--r-- 1 rees staff 224 Jun 30 2003 id_rsa.pub
> lrwxr-xr-x 1 rees wheel 16 Mar 7 1997 identity -> private/identity
> -rw-r--r-- 1 rees wheel 333 Feb 8 1999 identity.pub
> lrwxr-xr-x 1 rees wheel 19 Mar 7 1997 known_hosts -> private/known_hosts
> drwxr-xr-x 2 rees wheel 2048 Mar 5 12:16 private
> lrwxr-xr-x 1 rees wheel 19 Mar 7 1997 random_seed -> private/random_seed
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--