AFS and tokenforwarding

Dug Song dugsong at
Thu Oct 4 18:41:54 EST 2001

On Wed, Oct 03, 2001 at 07:58:14PM -0700, Booker C. Bense wrote:

> - I think there are two problems being conflated into one. My patch
> is just to get the AFS code to compile when using Kth-1.1. It doesn't
> fix the problem of the token not being available when you need to
> access the filesystem. I think that was the point of the other
> patch posted.

sorry - i was indeed thinking of the other patch.

i remember now - the issue was, we didn't want to send Kerberos TGTs
or AFS tokens until authentication succeeded. i talked this over with
Markus at the time.

i know that this prevents things like RSA authentication when the user
needs AFS tokens to access their home directory, but i've always
regretted that this went into the original SSH-AFS patches (there was
some long debate about this on the mailing list, and i conceded to
popular opinion).



More information about the openssh-unix-dev mailing list