[OpenAFS] Passwordless login through ssh on krb5/afs enabled workstation.

Walter Lamagna wlamagna@tenroses.com.ar
Wed, 14 Mar 2007 12:30:08 -0300


I am using PAM + AFS to authenticate the user. I have given permissions
to everybody to read the .ssh directory of the user's home directory, but
ssh complains with:

pam_afs[25129]: AFS Won't use illegal password for user walter

How could I resolve it?

Thanks
Walter


On Thu, 2007-03-08 at 10:20 -0500, Jim Rees wrote:
> Alexander Al wrote:
> 
>   I'll tell the user : "can't" (because he is connecting from outside.)
> 
> That's the wrong answer.  This should go in a FAQ somewhere.  You just need
> to make the public key world readable.  That's difficult because ssh wants
> to put public and private keys both in the same directory, and afs puts the
> same acls on all files in a directory.  But with creative use of symlinks it
> can certainly be done.
> 
> Here is how I do it.  It's not the only way, maybe not the best way, but it
> works for me.
> 
> % cd .ssh
> % ls -l
> total 17
> -rw-r--r--  1 rees  staff   828 Nov 16  2005 authorized_keys
> -rw-r--r--  1 rees  staff    62 Dec 18 17:08 check-dups
> lrwxr-xr-x  1 rees  wheel    14 Jan  1  1999 config -> private/config
> -rw-r--r--  1 rees  staff    52 Jan 10  2006 config-um
> -rw-r--r--  1 rees  wheel    31 Jan  1  1999 environment
> lrwxr-xr-x  1 rees  wheel    14 Oct 13  2000 id_dsa -> private/id_dsa
> -rw-r--r--  1 rees  wheel   604 Oct 13  2000 id_dsa.pub
> lrwxr-xr-x  1 rees  wheel    14 Jun 30  2003 id_rsa -> private/id_rsa
> -rw-r--r--  1 rees  staff   224 Jun 30  2003 id_rsa.pub
> lrwxr-xr-x  1 rees  wheel    16 Mar  7  1997 identity -> private/identity
> -rw-r--r--  1 rees  wheel   333 Feb  8  1999 identity.pub
> lrwxr-xr-x  1 rees  wheel    19 Mar  7  1997 known_hosts -> private/known_hosts
> drwxr-xr-x  2 rees  wheel  2048 Mar  5 12:16 private
> lrwxr-xr-x  1 rees  wheel    19 Mar  7  1997 random_seed -> private/random_seed
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
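
The layout in Jim Rees's listing above can be produced with a script like the following. It is an added example, not part of the original thread: the function names `split_ssh_dir` and `check_ssh_dir` are hypothetical, and the ACLs it sets (`system:anyuser rl` on `.ssh`, `none` on `private`) are an assumption about how the two directories are meant to differ.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild ~/.ssh in the layout shown above.
# AFS ACLs apply per directory, so secrets move to private/ and are symlinked back.

# File names taken from the listing above; adjust to the keys you actually have.
PRIVATE_FILES="config id_dsa id_rsa identity known_hosts random_seed"

# True only when the AFS "fs" tool exists and the path really is in AFS.
in_afs() {
    command -v fs >/dev/null 2>&1 && fs listacl -path "$1" >/dev/null 2>&1
}

split_ssh_dir() {
    ssh_dir=$1
    [ -d "$ssh_dir" ] || { echo "no such directory: $ssh_dir" >&2; return 1; }
    mkdir -p "$ssh_dir/private" || return 1
    # A new AFS directory inherits its parent's ACL, so lock private/ down
    # before any key is moved into it. (Assumed ACL: no access for anyuser.)
    if in_afs "$ssh_dir/private"; then
        fs setacl -dir "$ssh_dir/private" -acl system:anyuser none || return 1
    fi
    for f in $PRIVATE_FILES; do
        # Move real files only; existing symlinks are left alone, so reruns are safe.
        if [ -f "$ssh_dir/$f" ] && [ ! -L "$ssh_dir/$f" ]; then
            mv "$ssh_dir/$f" "$ssh_dir/private/$f" || return 1
            ln -s "private/$f" "$ssh_dir/$f" || return 1
        fi
    done
    # Only now open .ssh itself, so sshd can read authorized_keys without tokens.
    # (Assumed ACL: read + lookup for anyuser.)
    if in_afs "$ssh_dir"; then
        fs setacl -dir "$ssh_dir" -acl system:anyuser rl || return 1
    fi
}

# Returns 0 when no file from PRIVATE_FILES sits directly in the readable directory.
check_ssh_dir() {
    ssh_dir=$1
    status=0
    for f in $PRIVATE_FILES; do
        if [ -e "$ssh_dir/$f" ] && [ ! -L "$ssh_dir/$f" ]; then
            echo "exposed: $ssh_dir/$f" >&2
            status=1
        fi
    done
    return $status
}
```

Run `split_ssh_dir "$HOME/.ssh"` once with valid tokens, then `check_ssh_dir "$HOME/.ssh"` whenever a new key is generated, since ssh-keygen writes the private key next to the public one.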