[OpenAFS] forwarding credentials with OpenSSH, Kerberos and pam-afs-session

Ken Aaker kaaker@brocade.com
Thu, 06 Sep 2007 11:23:34 -0500

Russ Allbery wrote:
> Your original problem wasn't a PAM issue; it didn't get that far.  It was
> an ssh privilege delegation issue, in that your client wasn't even
> forwarding the tickets.  The ssh -K command-line option is useful here,
> since it forces the command-line client to attempt privilege delegation
> even if it isn't otherwise configured to do so.  However, you weren't even
> getting GSSAPI authentication, which is probably the keytab problem.
FYI, I just ran across something, in the openssh versions I've been
using, 4.4p1 and 4.6p1, the -K option seems to have disappeared. -k is
still there, but the getopt() loop in ssh.c:main() doesn't have a 'K'
option. I had tried -K and got an invalid option error, then forgot to
go see what was up with that.