[OpenAFS] Re: CVS, GSSAPI, and AFS tokens

Douglas E. Engert deengert@anl.gov
Wed, 14 Nov 2007 10:59:24 -0600


Jeff Blaine wrote:
> Feeding results back for others -- the following appears to
> work fine so far.  I cleared all creds on the server for
> user jblaine (krb5 and AFS tokens) and was able to checkout
> from AFS ACL-protected space lacking system:anyuser privs.
> 
> Client:
> 
>     CVS_RSH=/usr/bin/ssh
>     CVSROOT=:ext:jblaine@whatever.com:/afs/my/cvsroot
> 
> Server:
> 
>     sshd configured for PAM auth +
>     pam_krb5.so (Russ Alberry's) +
>     pam_afs_session.so
> 
> I've yet to try to figure it all out with ticket forwarding.

Sounds like it did forward, and sshd uses pam_afs_session to get the
token.

You could try ssh by itself, then do a klist; tokens

Or start sshd -ddd
and look at the debug as you connect to cvs.

> 
> Jeff Blaine wrote:
>> How are people handling krb5 auth with CVS and also getting
>> tokens for gserver connections (GSSAPI/krb5)?
>>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444