Thanks mate. Here's the /etc/pam.d/sshd file contents, could you tell me which part I can add pam_afs_session module?
Thanks very much. Eric On Sat, Jun 11, 2011 at 9:05 PM, Jason Edgecombe <[email protected]> wrote: > On 06/11/2011 08:31 AM, Lee Eric wrote: >> >> Hi, >> >> The systems are using Fedora 14 and the systems can log in each other >> by using Kerberos. But it seems after OpenSSH login the client side >> cannot get the OpenAFS token. So is there any way to let the client >> side get the OpenAFS token after login? Just a guessing, could I use >> pam_afs_session in /etc/pam.d/sshd to do this? >> >> >> [root@client1 ~]# kinit huli >> Password for [email protected]: >> [root@client1 ~]# ssh [email protected] >> Last login: Sat Jun 11 08:30:24 2011 from client1.herdingcat.internal >> Could not chdir to home directory /afs/herdingcat.internal/home/huli: >> Permission denied >> -bash: /afs/herdingcat.internal/home/huli/.bash_profile: Permission denied >> -bash-4.1$ > > yes, pam_afs_session can do that. > > In addition, for single sign-on to work, the remote machine must have a host > keytab installed and put the following in your local ssh config > (/etc/ssh/ssh_config or ~/.ssh/config): > > GSSAPIAuthentication yes > GSSAPIDelegateCredentials yes > > Jason > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
