finally, a new AFS/krb4 patch for SSH. i'm not kidding - a new patch: http://www-personal.umich.edu/~dugsong/ssh-1.2.22-afs-kerberos.patch-1 changes from patch #1 for the previous version: - AFS support, but without any AFS library dependencies (use KTH kafs). results: the binaries are much faster, smaller, and you can run them on non-AFS machines as well. but now AFS support *requires* Kerberos - sorry, but this is the only way i see AFS support ever making it into the official distribution (it could happen. prolly not but whatever). - local Xauthority files for users with AFS home directories. - Hesiod support (from UMD). - general code clean-up and reorganization. krb4 and krb5 still need to be made to work together, though. - ssh's -K flag removed (client still has 'KerberosAuthentication' option) i've only tested this patch using the KTH krb4 distribution, which is required for AFS support. i highly recommend it. see below. send me bug reports, fixes, questions comments complaints etc. here's the README: ssh-1.2.22-afs-kerberos.patch-1 AFS, Kerberos v4 support for SSH Here are the extra flags to configure, and what they do: --with-krb4[=PATH] Compile in Kerberos v4 support: Kerberos v4 authentication Kerberos v4 password authentication Kerberos v4 ~/.klogin authorization These are all enabled by the 'KerberosAuthentication' config option. Kerberos v4 and Kerberos v5 support are mutually exclusive for now. PATH default is /usr/kerberos. --with-hesiod[=PATH] Compile in support for Hesiod: getpwnam(), getpwuid() replacements --with-afs Compile in AFS support (requires KTH krb4): ticket/token passing process authentication groups local Xauthority files (for AFS home dirs) /ticket TKT_ROOT directory (if it exists) Binaries built with AFS support will work just fine on non-AFS machines! You will need to use the KTH krb4 libs (ftp://ftp.pdc.kth.se/pub/krb/src), or just their libkafs, also available separately from CMU as libkrbafs (http://andrew2.andrew.cmu.edu/dist/krbafs.html). Additional Kerberos client and server config options (and their defaults): KerberosAuthentication yes KerberosOrLocalPassword no KerberosTgtPassing yes AFSTokenPassing yes KerberosTicketCleanup yes See sshd(8) and ssh(1) for details. The latest version of this patch can be found at http://www-personal.umich.edu/~dugsong/ssh-afs-kerberos.html or ftp://ftp.monkey.org/pub/users/dugsong/ [EMAIL PROTECTED] --- Dug Song <[EMAIL PROTECTED]> University of Michigan ITD Systems Research Programmer http://www-personal.umich.edu/~dugsong
