Russ Allbery wrote:
> However, if I remmeber correctly, RHEL 4 ships a broken sshd that runs the
> PAM session hooks and *then* saves the ticket cache. This is obviously
OK, this explains the behaviour on some old machines here.
>> I've also seen a newer version of pam_krb5 (2.2.x) which supports flags
>> "useshmem" and "external" that look helpful, but I was hoping not to
>> need this as I'm trying to stick as much as possible with the vendor
>> supplied packages (RHEL4 has pam_krb5-2.1.8-1).
This is, what we use on all newer SuSEs
For the old machines, the workaround is, to use GSSAPI (with MIC) and
this /etc/ssh/sshrc (Executed before all user shells, instead of xauth):
#!/bin/sh
if ans=`klist -5 2>/dev/null ` && ! ( echo "$ans"|grep -Fq 'afs@' ) ; then
aklog >/dev/null 2>&1
fi
if test -x /usr/X11/bin/xauth; then
/usr/X11/bin/xauth
fi
HTH
Martin
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
