[OpenAFS-port-darwin] sshd with afs tokens?

bil bil_hays@unc.edu
Fri, 01 Aug 2003 16:23:20 -0400


Does anyone out there have any pointers on getting afs tokens via sshd for 
remote login, either via including afs/kerberos in the ssh build, or via 
pam?

Here's what we've tried (apologies in advance for my ignorance of the unix 
level) with the sshd, trying to build with afs and kerberos.

*The included sshd doesn't seem to include support for kerberos 4 and afs.

*Got some help from our apple engineer, who got some instructions from a 
fellow at the fermilab on building openssh against kerberos5 (but we're a 
kerberos4 /afs shop). That helped us run down the road until we hit the 
first tree.

*Ideally, we'd like to get this to work with the built in kerberos, but 
sshd wouldn't build against it, said there was a missing library. Make 
failed tho since it couldn't find kafs.h.

*Installed KTH-krb, that went ok, and got opssh to make against that and 
got it running, but now it seems to be failing because we don't have the 
kerberos services registered (sshd debug line is "Kerberos v4 TGT for xxxx 
unverifiable: (null); rcmd.gilgamesh not registered, or srvtab is wrong?").

Any ideas?

tia,
bil



--

________________________
bil hays
Network Manager
Computer Science, UNC CH