KerberosGetAFSToken drives me crazy
Darren Tucker
dtucker at zip.com.au
Thu Nov 10 21:49:18 EST 2005
Jan Bilang wrote:
> every time i enable the option "KerberosGetAFSToken yes" on a computer where
> the afs-client works fine i get a (/var/log/)message(s) like this:
> "sshd[1136]: rexec line 70: Unsupported option KerberosGetAFSToken".
In addtion to requiring Kerberos support, that option only works if your
Kerberos implementation has the required AFS bits (k_setpag() and a few
other calls) and at the moment, only Heimdal has them. There was talk
of adding them as an external library for MIT Kerberos but as far as I
know that's never happened.
Depending on what your OS vendors have done, it might be possible to
configure AFS to work via a PAM module, but that's going to be vendor
specific.
(Hmm, I see that FC3 has a "krbafs" package which implements some but
not all of the functions needed. I don't know if it could be made to
work.)
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list