Alexander Al wrote: I'll tell the user : "can't" (because he is connecting from outside.)
That's the wrong answer. This should go in a FAQ somewhere. You just need to make the public key world readable. That's difficult because ssh wants to put public and private keys both in the same directory, and afs puts the same acls on all files in a directory. But with creative use of symlinks it can certainly be done. Here is how I do it. It's not the only way, maybe not the best way, but it works for me. % cd .ssh % ls -l total 17 -rw-r--r-- 1 rees staff 828 Nov 16 2005 authorized_keys -rw-r--r-- 1 rees staff 62 Dec 18 17:08 check-dups lrwxr-xr-x 1 rees wheel 14 Jan 1 1999 config -> private/config -rw-r--r-- 1 rees staff 52 Jan 10 2006 config-um -rw-r--r-- 1 rees wheel 31 Jan 1 1999 environment lrwxr-xr-x 1 rees wheel 14 Oct 13 2000 id_dsa -> private/id_dsa -rw-r--r-- 1 rees wheel 604 Oct 13 2000 id_dsa.pub lrwxr-xr-x 1 rees wheel 14 Jun 30 2003 id_rsa -> private/id_rsa -rw-r--r-- 1 rees staff 224 Jun 30 2003 id_rsa.pub lrwxr-xr-x 1 rees wheel 16 Mar 7 1997 identity -> private/identity -rw-r--r-- 1 rees wheel 333 Feb 8 1999 identity.pub lrwxr-xr-x 1 rees wheel 19 Mar 7 1997 known_hosts -> private/known_hosts drwxr-xr-x 2 rees wheel 2048 Mar 5 12:16 private lrwxr-xr-x 1 rees wheel 19 Mar 7 1997 random_seed -> private/random_seed _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info