Re: Host Based Authentication and AFS

From: Richard E. Silverman (res_at_qoxp.net)
Date: 02/15/05

Next message: bigyank: "putty 0.56 and passwordless authentication to Solaris 9"

Previous message: Chuck: "Re: Encrypting private key with Windows"
In reply to: Paul Mitchell: "Host Based Authentication and AFS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 15 Feb 2005 16:22:35 -0500

>>>>> "PM" == Paul Mitchell <pmitchel@email.unc.edu> writes:

    PM> Hello, Has anyone managed to get a passwordless authentication
    PM> with a non-local, AFS account? I've been running through various
    PM> documents and settings on the net, but can't, yet, pull it off.

I haven't worked much with AFS, but I imagine you pretty much have to use
Kerberos authentication (either ticket or password) to get this to work.
sshd doesn't have access to your home directory without AFS credentials,
and so can't read ~/.ssh/authorized_keys. Even if you moved the
authorization files somewhere local, you still don't have your home
directory.

If you arrange SSH Kerberos authentication via GSSAPI, you can set
KerberosGetAFSToken on the server and it should all work seamlessly.

-- 
  Richard Silverman
  res@qoxp.net

Next message: bigyank: "putty 0.56 and passwordless authentication to Solaris 9"

Previous message: Chuck: "Re: Encrypting private key with Windows"
In reply to: Paul Mitchell: "Host Based Authentication and AFS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]