[OpenAFS] Stacking pam_securid with pam_afs for SSH?
Sun, 08 Jun 2008 17:51:05 -0700
Jeff Blaine <email@example.com> writes:
> No, it doesn't. This is a kaserver setup still. pam_afs.so is
> solely responsible for getting tokens on its own in this setup.
It needs a password to do that. So you can stack the two of them together
if you use ChallengeResponseAuthentication and let pam_afs prompt you for
a password after pam_securid does its thing, but that's about the only way
that I can think of it working.
In order to get a token, you have to get a Kerberos ticket. In order to
get a Kerberos ticket from a kaserver, you have to have a password. No
password, no token.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>