>Currently I'm using SSH with GSSAPI and pam_krb5 support. >In /etc/profile (and/or pam config for ssh) I'm getting >the AFS token, so it's possible to use AFS as home when >doing interactive logins with SSH.
But if you're doing GSSAPI, then pam is never being invoked, right? Are users typing cleartext passwords inside of ssh? >But how about the kerberized FTP/Telnet clients/daemons? We have special versions here that make calls to setpag()/aklog after tickets have been forwarded so you always get an AFS token automatically. --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
