[OpenAFS] OpenAFS/Krb5/LDAP: No OpenSSH agent forwarding

Dirk Heinrichs dirk.heinrichs@altum.de
Fri, 18 Mar 2011 19:16:33 +0100


don't wether this fits here or not, but since I don't have this issue in
non-afs environments I guess it does.

I've got a working Debian/Ubuntu setup with OpenLDAP, MIT Kerberos5 and
OpenAFS. Upon login to one machine, an SSH agent is startet and my key
is added (via keychain). I also get kerberos tickets and an AFS token so
I can access my $HOME just fine.

However, when I now open an SSH connection to another host, I can login
without w/o any password and have immediate access to my $HOME there as
well, but the SSH agent connection is not being forwarded, although all
relevant options in sshd_config and ssh_config on the local and the
remote host are set.

That means that keychain jumps in and asks me for my SSH key passphrase
again on the remote machine. A second login to the remote machine then
works w/o any further passphrase request.

Any hints as to what could be wrong?