I've been away from AFS admin issues for several years, and wonder if
there has been any recent work on public-key interchange and AFS
authentication.
Our situation: we use SSH to replace the normal telnet/ftp/rcp/rsh
operations between our sites. SSH can do normal password
authentication, but it can also authenticate via PKI, which is
particularly useful for a variety of reasons (e.g. batch or cron jobs).
I think that some versions of sshd have a PAM hook, so I can see how to
make it work for password-based authentication if we have the AFS PAM
installed...
... but has anyone done any work with AFS and/or Kerberos and/or SSH to
make it use keys for authentication? I.e. store one's public key in the
Kerberos database instead of an encrypted password, and authenticate by
sending a string encrypted with the private key stored on one's local
disk? Or alternatively, has anyone modified SSH to use a local Kerberos
token to authenticate at the remote machine, as for authenticating
rsh/rcp?
Am I making sense?
Thanks,
S
--
steve lammert unix administrator voice: +1-412-471-7500 x4712
[EMAIL PROTECTED] Be Free, Inc. fax: +1-412-471-9840
