On Wed, 30 Jan 2008, Mathias Stearn wrote:
Its not specifically blocked, its just not possible with the AFS
setup. The key is stored on your home directory which the machine you
are sshing into doesnt have direct acess to since it is stored over
AFS. When you login the server gets a kerberos ticket/token on your
behalf, and THEN uses that to access your homedir.
see http://www.csic.umd.edu/linuxlab/faq.html#SSH for more info.
If you have a kerberos enabled ssh client you can get password-less login
to work by using kerberos tickets rather than ssh keys for authentication.
The ssh_config(5) options you want are:
GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI
is allowed. The default is ``no''. Note that this
option applies to protocol version 2 only.
GSSAPIDelegateCredentials
Forward (delegate) credentials to the server. The
default is ``no''. Note that this option applies to
protocol version 2 only.
But at that point, you can also just install the afs client and get at
your files directly.
--
Eric Sturdivant
University of Maryland
Office of Information Technology
Distributed Computing Services
