Jon Peatfield wrote:
On Wed, 26 Aug 2009, Troy Dawson wrote:
Hi Eve,
The problem is that a plain SL5 ssh client does not do
GSSAPIDelegateCredentials and this is what is needed for you to get your AFS
credentials on minos06.
https://fermilinux.fnal.gov/documentation/security/ssh-client/
<snip>
I hope no-one minds if I ask a stupid question...
What is to stop a user from adding the relevant section to their own
.ssh/config ? I know that isn't useful for catching all users but it is a
useful test...
According to my understanding of the ssh client the *first* (matching)
value found for each parameter is the one used and it is defined to read
the user config before the system one (and command-line options before
that)...
BTW the web page mentions a clash with GSSAPIDelegateCredentials on
Ubuntu, which probably means that they are setting the value earlier than
the suggested host... fragment (so will be found first).
From man ssh_config (on sl5 in case it matters):
...
Since the first obtained value for each parameter is used, more
host-specific declarations should be given near the beginning of the
file, and general defaults at the end.
...
-- Jon
Hi Jon,
You are right, with that section at the top of the ssh_config file,
Ubuntu users shouldn't have a problem. I have rewritten it to sound
better. But I'm leaving it in, because it's usually the Ubuntu users
that have been having problems getting AFS tokens when they login.
Troy
--
__________________________________________________
Troy Dawson [email protected] (630)840-6468
Fermilab ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________
