Dear list, While fiddling around to move my home directories onto AFS, I notice a bit of interesting behaviour. At a first glance, everything seems just fine. When logging in through the Krb5 mechanism (as defined in login.conf), OpenSSH nicely obtains an AFS token for me. Use case: Windows SSH client entering a username/password upon connecting.
The following scenario, however, does not get me AFS tickets in my shell: obtaining Krb5 credentials on the client and logging into OpenSSH through GSSAPI. Although logging in seems to have nicely transfered my Krb5 ticket, OpenSSH does not obtain an AFS token for me. Running afslog manually fixes this, but I would greatly prefer to have afslog run automatically. Browsing the archives, I gather GSSAPI and Kerberos are treated differently, but I cannot distill a solution from the results. Is there any? I'm presently thinking of ways to get 'afslog' to run after the GSSAPI login is completed. Would the 'approve' stanza in login.conf and a small work for this purpose? Reading the manual, I do get the feeling approve wasn't meant for this sort of thing, but I figured to best ask here for some good advice. Insight or a good cluebat are most appreciated. I'm thinking along the lines of: (in /etc/login.conf) :approve=/usr/local/bin/auto-afslog:\ :approve-ftp=/usr/local/bin/auto-afslog:\ (for the script) #!/bin/sh AFSLOG="/usr/bin/afslog" ${AFSLOG} -p ${HOME} For a ${HOME} based in AFS filespace. If ${HOME} were to be outside AFS file space, I wouldn't mind the login to fail, since that would be a worthwhile incident to investigate. Cheers, Rogier -- If you don't know where you're going, any road will get you there.