Rogier Krieger wrote:
While fiddling around to move my home directories onto AFS, I notice a
bit of interesting behaviour. At a first glance, everything seems just
fine. When logging in through the Krb5 mechanism (as defined in
login.conf), OpenSSH nicely obtains an AFS token for me. Use case:
Windows SSH client entering a username/password upon connecting.
The following scenario, however, does not get me AFS tickets in my
shell: obtaining Krb5 credentials on the client and logging into
OpenSSH through GSSAPI. Although logging in seems to have nicely
transfered my Krb5 ticket, OpenSSH does not obtain an AFS token for
me. Running afslog manually fixes this, but I would greatly prefer to
have afslog run automatically.
Do you have "KerberosGetAFSToken yes" in sshd_config?
KerberosGetAFSToken
If AFS is active and the user has a Kerberos 5 TGT, attempt to
acquire an AFS token before accessing the user's home directory.
The default is ``no''.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
