If we have a talk about ssh, we'd love to hear somebody cover this authentication stuff with kerberos. I'm too used to classic ssh keys and firefox remembering my incredibly complicated password, I really only want to type it in twice per 6 months, when the state required (OIT implemented) requires me to set a new one. Just not every day. I never figured it out, and haven't found a good writeup of what's really going on here.

On [Thu Jan 31 11:10], Eric Sturdivant wrote:
> On Wed, 30 Jan 2008, Mathias Stearn wrote:
>
> >It's not specifically blocked, it's just not possible with the AFS
> >setup. The key is stored on your home directory which the machine you
> >are sshing into doesn't have direct access to since it is stored over
> >AFS. When you login the server gets a kerberos ticket/token on your
> >behalf, and THEN uses that to access your homedir.
> >
> >see http://www.csic.umd.edu/linuxlab/faq.html#SSH for more info.
>
> If you have a kerberos enabled ssh client you can get password-less login
> to work by using kerberos tickets rather than ssh keys for authentication.
>
> The ssh_config(5) options you want are:
>
>      GSSAPIAuthentication
>              Specifies whether user authentication based on GSSAPI
>              is allowed.  The default is ``no''.  Note that this
>              option applies to protocol version 2 only.
>
>      GSSAPIDelegateCredentials
>              Forward (delegate) credentials to the server.  The
>              default is ``no''.  Note that this option applies to
>              protocol version 2 only.
>
> But at that point, you can also just install the afs client and get at
> your files directly.
>
> --
> Eric Sturdivant
> University of Maryland
> Office of Information Technology
> Distributed Computing Services
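
A quick way to see which of the two quoted options is actually in effect for a given host, as an added example that is not part of the original thread. It assumes an OpenSSH client that supports `ssh -G` (print the effective configuration); the function names `gssapi_status` and `check_host` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify the effective ssh client
# settings for a host with respect to GSSAPIAuthentication and
# GSSAPIDelegateCredentials.

# Reads `ssh -G <host>` output on stdin: one "keyword value" pair per line,
# keywords in lower case. Prints a verdict word, a colon, and an explanation.
gssapi_status() {
    awk '
        $1 == "gssapiauthentication"      { auth  = $2 }
        $1 == "gssapidelegatecredentials" { deleg = $2 }
        END {
            # A keyword that is absent is treated as "no", the default
            # given in the quoted ssh_config(5) text.
            if (auth != "yes")
                print "disabled: GSSAPIAuthentication is off, ssh uses keys or a password"
            else if (deleg != "yes")
                print "login-only: ticket login works, but no ticket is forwarded to the server"
            else
                print "delegating: ticket login works and the ticket is forwarded to the server"
        }'
}

# Convenience wrapper around the real client; needs `ssh -G` support.
check_host() {
    ssh -G "$1" | gssapi_status
}

# Run as a script: check every host named on the command line.
for h in "$@"; do
    printf '%s: ' "$h"
    check_host "$h"
done
```

In the AFS setup described in the thread, a "login-only" result would leave the server without a ticket to reach the home directory with, which is why both options are listed together.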
