[OpenAFS] Re: Help: Can OpenSSH get OpenAFS token after the client login?

Lee Eric openlinuxsource@gmail.com
Sat, 11 Jun 2011 22:28:09 +0800


Thanks all mates. It's fixed now.

Eric

On Sat, Jun 11, 2011 at 10:20 PM, Booker Bense <bbense@slac.stanford.edu> wrote:
>
> For various reasons[1] I've found that the pam solution doesn't cover all
> bases and I've resorted to putting aklog in
>
> /etc/ssh/sshrc
>
> If you have an sshrc it needs to deal with the xauth stuff as well.
>
> #
> # Evil workaround for pam sshd stupidity.
> if [ -n "$KRB5CCNAME" ] && [ -x /usr/bin/aklog ]; then
>         /usr/bin/aklog
> fi
> if read proto cookie && [ -n "$DISPLAY" ]; then
>         if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
>                 # X11UseLocalhost=yes
>                 echo add unix:`echo $DISPLAY |
>                     cut -c11-` $proto $cookie
>         else
>                 # X11UseLocalhost=no
>                 echo add $DISPLAY $proto $cookie
>         fi | /usr/bin/xauth -q -
> fi
>
> - Booker C. Bense
>
> [1]- To be honest I've forgotten exactly what the combination was, but there
> was one edge case that I just couldn't get the
> pam based solution to work. The sshrc solution is also required
> on OS X.
>