Re: [OpenAFS-devel] New OpenSSH

Wed, 25 Feb 2004 08:46:04 -0800 


[EMAIL PROTECTED] wrote:
> 
> On Wed, 25 Feb 2004, Andrei Maslennikov wrote:
> 
> > 3) Connecting from a session wit k5 creds:
> >    ---------------------------------------
> >    GSSAPI authentication works and K5 credentials are being
> >    forwarded correctly. However, while I am admitted to the host
> >    with gssapi-with-mic, I am not getting token/pagsh anymore
> >    (like in case of K5-password login).
> 
> Yes. The code paths here are completely different, and the AFS code in
> OpenSSH is only invoked if a credentials cache is obtained directly
> through Kerberos (rather than through GSSAPI).

It looks like it works for me. I have a mod in session.c to call the get_afs_token
routine which replaces the k_afs calls. I see in the debug output that
it is indeed calling my routine and passing the delegated credentials to it
via the KRB5CCNAME environment. 

So this may be a problem with the way the k_afs works which may expect
the credentials in memory?

Here is a piece of the log on the client side. 


debug1: Setting KRB5CCNAME to FILE:/tmp/krb5cc_134_x26699   ## From gss-serv.c:
Environment:                                                ## From sesison.c 
copy_environment
  KRB5CCNAME=FILE:/tmp/krb5cc_134_x26699
 
[... left out a few lines...]

debug3: channel 0: close_fds r -1 w -1 e -1
debug3: channel 1: close_fds r 18 w 18 e -1
debug1: Getting AFS PAG and token               ## From my call to get_afs_token in 
session.c 
Checking directory /afs                         ## Form my ak5log which was 
forked/execd in get_afs_token.    
Checking directory /afs/anl.gov                 ## and used the KRB5CCNAME to find the 
credentials. 
Authenticating to cell anl.gov.
Getting tickets: afsx/[EMAIL PROTECTED]

> 
> Cheers,
> 
> Simon.
> 
> _______________________________________________
> OpenAFS-devel mailing list
> [EMAIL PROTECTED]
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel

Reply via email to