Hi Andy.
Thanks for the info regarding sshd from macports. I'll check it out.
We can login via password using pam_KFM.so .
-------
Yemi
On Jul 29, 2009, at 2:16 PM, Andy Cobaugh wrote:
On 2009-07-29 at 14:07, Adeyemi Adesanya ( [email protected] )
said:
Hi There.
We've had a long standing issue with OS X 10.5 (Leopard) and I just
wanted to check with folks to see if anyone has solved it. We are
able to perform Kerberos SSH logins to 10.5 clients using the SSH
GSSAPI options GSSAPIAuthentication and GSSAPIDelegateCredentials.
As long as I have a valid kerberos ticket, I can log into my 10.5
systems without supplying a password. However, there does not
appear to be any sign that the forwarded kerberos ticket is cached
on the remote system. As a result, I cannot obtain an AFS token
automatically. This was working for us under 10.4 but we have not
found a solution for 10.5. Looks like the problem still exists for
10.6 too.
Use the sshd from macports. Apple's sshd is trying to use their
credential caching mechanism, which would appear to store the
credentials in your home directory, which if it's in AFS obviously
won't work.
Are you able to login at all _without_ GSSAPI, i.e. with a password?
We're unable to, and that's the only major problem we're still
seeing. Although come to think about it, this might be alleviated if
we use Russ's pam_krb5, hmm...
--andy
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
