> "Douglas" == Douglas E Engert <[EMAIL PROTECTED]> writes:
Douglas> But to get this set by the OpenSSH code required the call
Douglas> to ssh_gssapi_storecreds to be moved up somewhat in the
Douglas> code.
Douglas> It sounds like debian has done something simmiliar. Is
D
Sam,
I was just looking at the OpenSSH-3.8 whihc is in testing, to see
how I could get ride of my last mod. It was geting an AFS token.
I was developing a pam_afs2.so wihc had a pam_sm_open_session
routine that would look for the KRB5CCNAME in the pam environment
so aklog could be called.
But to ge
In debian, using the ssh-krb5 package with a pam config like:
auth [success=ok default=1] pam_krb5.so forwardable
auth [default=1] pam_permit.so
auth required pam_unix.so try_first_pass
auth [default=ignore] pam_openafs_session.so
should mostly do what you want.
Note that the ssh gssa
Hi.
I have a mixed linux lab. A server based on debian (ssh 3.4p1) and
clients based on gentoo (ssh version 3.8p1). My infrastructure is based
on mit kerberos 5 and openafs. All I'd like to do is to make ssh
sessions passwordless, based on the tickets. On both systems I use pam
authentication