KerberosGetAFSToken drives me crazy
Robert Banz
banz at umbc.edu
Fri Nov 11 04:40:13 EST 2005
Darren Tucker wrote:
> Jan Bilang wrote:
>> every time i enable the option "KerberosGetAFSToken yes" on a computer where
>> the afs-client works fine i get a (/var/log/)message(s) like this:
>> "sshd[1136]: rexec line 70: Unsupported option KerberosGetAFSToken".
>
> In addtion to requiring Kerberos support, that option only works if your
> Kerberos implementation has the required AFS bits (k_setpag() and a few
> other calls) and at the moment, only Heimdal has them. There was talk
> of adding them as an external library for MIT Kerberos but as far as I
> know that's never happened.
>
> Depending on what your OS vendors have done, it might be possible to
> configure AFS to work via a PAM module, but that's going to be vendor
> specific.
>
> (Hmm, I see that FC3 has a "krbafs" package which implements some but
> not all of the functions needed. I don't know if it could be made to
> work.)
>
I've actually gotten things to build with the krbafs package + MIT on
multiple architectures (Solaris & OSX.) So, it's all there.
-rob
More information about the openssh-unix-dev
mailing list