Re: [URG] SSH & PAM

From: Scott Packard (scottp_at_%hash%.usenet.us.com)
Date: 02/24/04


Date: Tue, 24 Feb 2004 13:21:09 -0800

On Tue, 24 Feb 2004 13:41:45 +0000, Darren Tucker wrote:

> KerberosGetAFSToken is a new option in 3.8 that allows you to pick up
> an AFS token (and the associated kernel bits like a PAG) after you
> authenticate some other way (eg gssapi or Kerberos 5).

I'm not the original poster (looked like he was from .it, I'm
from .us).
I had the same problem with OpenSSH 3.7.1p2 and Solaris 8.
I see OpenSSH 3.8p1 was released this morning. I'm going
to have to play with PAM and AFS again later this week to
see if it's possible (or if I can) get the AFS token to
be acquired. Last time I played with it was a few weeks
ago with a nightly snapshot. At that time I saw a real,
um, mental problem tracing the stages of PAM.

This was about the 4th time tackling PAM for me, so I'm getting
comfortable with the terms and what they mean. I found
OpenSSH was finished with the AUTH service by the time it
should fall to the next entry in my pam.conf file. Well,
once you're done, you're done. The pam_afs.so was never seeing
the call, hence never able to acquire a token.

Like you posted, it looks like there is a new hook put in to
take care of that. I just don't have any spare time until
after I take care of some licensing problems for users.

Regards, Scott
