[OpenAFS-port-darwin] obtaining AFS tokens for SSH logins

Aaron Rosenblum arosenbl@mac.com
Fri, 23 Apr 2004 00:58:14 -0400 

Might try pam_krb5 with alexi's plugin.  Might trigger the "explicit 
kerberos ticket getting" that causes the plugin to get AFS tokens.  
Havent tried though.

Aaron

On Apr 22, 2004, at 9:25 PM, David Botsch wrote:

> Upon rereading your message, are you running kaserver (or fakeka)? 
> Without
> those, that pam module won't do you any good.
>
> I woud suspect the several second delay is coming from a timeout 
> failure on the
> part of the afs pam module.
>
> On Fri, Apr 23, 2004 at 11:44:37AM +1200, Keith Johnston wrote:
>> Hi
>> 	I am trying to get afs tokens for users who ssh into an OS X box
>> running OS X10.3.3. I can obtain afs tokens and kerberos tickets
>> logging into the box normally at login but not when I ssh into the 
>> same
>> box.
>> 	I found Bil Hays'  web page http://www.ibiblio.org/macsupport/sshd/
>> for using PAM and downloaded the 10.3 version of pam_afs.so.1 and
>> followed the advice on that page, however  although I can connect  the
>> connection time is several seconds longer than without the PAM and I 
>> do
>> not get any afs tokens at login. I can obtain tokens with kinit and my
>> password.
>> 	I have had a bit of a play with sshd_config settings and achieved
>> nothing useful having tried enabling various options. We are only 
>> using
>> ssh2 and kerberos 5 here.
>> 	Is there some trick I am missing, if so could someone enlighten me or
>> point me to the right place to get the answers I need.
>> 	Thanks in advance
>> Keith
>>
>>                           -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>> Keith Johnston									xtn: 87977
>> Computer Support
>> Computer Science Department					Rm 395
>>
>> 	This email is brought to you by the letters OS X and the number 10
>>                           =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>>
>> _______________________________________________
>> port-darwin mailing list
>> port-darwin@openafs.org
>> https://lists.openafs.org/mailman/listinfo/port-darwin
>
> -- 
> ********************************
> David William Botsch
> Consultant/Advisor II
> CCMR Computing Facility
> dwb7@ccmr.cornell.edu
> ********************************
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin