Thanks for your answer. It is acceptable for me to doesnt have the token when i ssh, the ~/.ssh directory in the users home (which is in the AFS) is publicly readable.
But i do get this error when i want to ssh to the host: pam_afs[26655]: AFS Won't use illegal password for user integra Does pam_afs restricts the login because i am willing to use public key with ssh ? Thanks Walter On Wed, 2007-03-14 at 08:55 -0700, Russ Allbery wrote: > Walter Lamagna <[EMAIL PROTECTED]> writes: > > > Yes, i want to login to a server though ssh authenticating with public > > key, using the authorized_keys2 file located in the users home > > directory, i have this directive in sshd_config: > > > AuthorizedKeysFile ~/.ssh/authorized_keys2 > > > How can i do this ? > > Like that, with making that directory world-readable. However, after the > person logs in, they won't have AFS tokens, and you can't run the AFS PAM > module for those logins since it can't do anything meaningful without a > password. (In general, you don't want to be using the pam_afs from the > OpenAFS source tree at all unless you're running a Kerberos infrastructure > based on AFS kaserver, which you don't want to be doing, so I'll just go > back to "you don't want to be using that module at all.") > > If you want people to be able to log in with ssh public key authentication > and also get an AFS token, well, the answer is that you can't do that. > There's no way currently to go from ssh public key authentication to an > AFS token. > -- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
