I have had similar issues getting ssh to work, although I may have done this the hard way. I took part of NCSA's gsi_openssh patch and backported it to OpenSSH, then added an option to use lsetpag in libsys.a rather than the Heimdal krbafs lib (see attached). This was so I could get a token and access my home directory in AFS via passthrough GSSAPI authentication, configuring --with-afs-krb5=/usr/bin/aklog --with-afs-libsys=/usr/lib64/afs/libsys.a to get around some of the PAM problems with HPC programs.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Harald Barth Sent: Wednesday, May 27, 2009 8:39 AM To: [email protected] Cc: [email protected] Subject: Re: [OpenAFS] token and linux "access key retention"? > When I log in I get Kerberos TGT and an AFS ticket, but no token > (should be provided by pam). Aklog works, afterward I get tokens in all > other SSH sessions. "unlog" in on session destroys all ather tokens. Looks like you have started sshd in a pag and you don't "get out". Try starting without pag. I have the following in my /etc/init.d/sshd - echo -n $"Starting $prog: " - $SSHD $OPTIONS && success || failure + if keyctl show | egrep '_uid_ses.0$' > /dev/null ; then + echo -n $"Starting $prog: " + $SSHD $OPTIONS && success || failure + else + echo -n Refusing to start outside UID pag: + false || failure > On other computers of the same kind everything works as expected. Probably started sshd at boot and not from a logged in session. What about: /etc/init.d/sshd stop ## Let it die ## Use at (assumes atd is outside pag) to start sshd at now /etc/init.d/sshd start Harald. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
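Review bot: the `if keyctl show | egrep '_uid_ses.0$' > /dev/null ; then ... else ...` block added to /etc/init.d/sshd has no closing `fi` in the lines quoted, so as posted the start section would not parse; add `fi` after `false || failure`. In the pattern `'_uid_ses.0$'` the dot is unescaped and matches any character, so `grep -q '_uid_ses\.0$'` would match only the literal keyring name and would also remove the need for the redirect to /dev/null. The refusal message is unquoted and skips the `$"..."` form used for the "Starting $prog: " message, and the script would benefit from a comment stating why sshd is refused outside the UID session keyring, since the reason (an sshd started inside a PAG does not get out of it) is given only in the surrounding mail text.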
sshkrb5_afs.patch
