[OpenAFS] Stacking pam_securid with pam_afs for SSH?

Russ Allbery rra@stanford.edu
Sun, 08 Jun 2008 17:51:05 -0700

Jeff Blaine <jblaine@kickflop.net> writes:

> No, it doesn't.  This is a kaserver setup still.  pam_afs.so is
> solely responsible for getting tokens on its own in this setup.

It needs a password to do that.  So you can stack the two of them together
if you use ChallengeResponseAuthentication and let pam_afs prompt you for
a password after pam_securid does its thing, but that's about the only way
that I can think of it working.

In order to get a token, you have to get a Kerberos ticket.  In order to
get a Kerberos ticket from a kaserver, you have to have a password.  No
password, no token.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>