[OpenAFS-port-darwin] Tokens on SSH login?
Nate Coraor
nate@psu.edu
Tue, 8 May 2007 14:03:42 -0400
Hi all,
I see this has been discussed numerous times, most recently in May of
'06. However, I've tried everything I've come across and none of it
has worked so far.
I have a MIT K5 KDC and OpenAFS 1.4.2(-6, it's debian) server. My
10.4.9 client can get K5 tickets as well as tokens via kinit/aklog.
afslog.loginLogout also works properly with kinit and the
loginwindow. Setting 'KerberosAuthentication yes' in sshd_config on
the OS X client allows kerberos users to login (and after logging in
they have a new TGT). But they don't have AFS tokens. I tried
changing 'system.login.tty' in /etc/authorization to both
'builtin:krb5login,privileged' and 'kerberos:login,privileged' (with
the patched kerberos plugin) but neither seem to have any effect.
What am I missing?
On Linux clients I don't set KerberosAuthentication because there are
appropriate PAM modules. But I haven't found any up-to-date krb5/afs
modules for PAM on Tiger.
Thanks in advance,
--nate