[OpenAFS] Re: CVS, GSSAPI, and AFS tokens

Jeff Blaine jblaine@kickflop.net
Wed, 14 Nov 2007 12:55:33 -0500

Douglas E. Engert wrote:
> Jeff Blaine wrote:
>> Feeding results back for others -- the following appears to
>> work fine so far.  I cleared all creds on the server for
>> user jblaine (krb5 and AFS tokens) and was able to checkout
>> from AFS ACL-protected space lacking system:anyuser privs.
>> Client:
>>     CVS_RSH=/usr/bin/ssh
>>     CVSROOT=:ext:jblaine@whatever.com:/afs/my/cvsroot
>> Server:
>>     sshd configured for PAM auth +
>>     pam_krb5.so (Russ Alberry's) +
>>     pam_afs_session.so
>> I've yet to try to figure it all out with ticket forwarding.
> Sounds like it did forward, and sshd uses pam_afs_session to get the
> token.

No, I'm being asked for a password by pam_krb5.so.  I haven't
determined why yet.  I'll be sure to post if I figure it out.