Thanks all mates. It's fixed now. Eric
On Sat, Jun 11, 2011 at 10:20 PM, Booker Bense <[email protected]> wrote: > > For various reasons[1] I've found that the pam solution doesn't cover all > bases and I've resorted to putting aklog in > > /etc/ssh/sshrc > > If you have an sshrc it needs to deal with the xauth stuff as well. > > # > # Evil workaround for pam sshd stupidity. > if [ -n "$KRB5CCNAME" ] && [ -x /usr/bin/aklog ]; then > /usr/bin/aklog > fi > if read proto cookie && [ -n "$DISPLAY" ]; then > if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then > # X11UseLocalhost=yes > echo add unix:`echo $DISPLAY | > cut -c11-` $proto $cookie > else > # X11UseLocalhost=no > echo add $DISPLAY $proto $cookie > fi | /usr/bin/xauth -q - > fi > > - Booker C. Bense > > [1]- To be honest I've forgotten exactly what the combination was, but there > was one edge case that I just couldn't get the > pam based solution to work. The sshrc solution is also required > on OS X. > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
