Openssh + AFS
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Wed May 28 07:21:36 EST 2008
On 2008-05-27 17:34, Rainer Laatsch wrote:
> The native authentication methods of openssh are
> (not counting insecure RhostsRSAAuthentication)
> 1) public key
> 2) password
> For users with home dirs in AFS space, method 1) does not work.
> Except with (non foolproof) fiddling on the access controls within
> the home directory. This might lead to security issues when done
> by inexperienced users.
The authorized_keys file doesn't have to reside in the user's home
directory. In many cases it is preferable if it is not. See the
AuthorizedKeysFile directive. I often use something like:

    AuthorizedKeysFile /etc/ssh/keys/%u

--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
"Never try to retrieve anything from a bear."--National Park Service
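
Added example, not part of the original message or of OpenSSH: a small audit script for a central key directory laid out as `AuthorizedKeysFile /etc/ssh/keys/%u`. It applies the ownership and mode rule sshd uses for the key file when StrictModes is on (owned by root or the account, not writable by group or others); the function names and the choice to check only the key directory itself, not its parents, are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a directory used as AuthorizedKeysFile <dir>/%u.
# Each file is named after a login; it must be owned by root or that
# account and must not be group/world-writable. Parent directories,
# which sshd also walks, are not checked here.

# True when path $1 is writable by group or others.
loose_mode() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# True when path $1 is owned by uid 0 or by the account named $2.
owner_ok() {
    [ -n "$(find "$1" -prune -user 0 2>/dev/null)" ] ||
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# audit_keys_dir DIR: print one line per finding, return 1 if any.
audit_keys_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    if loose_mode "$dir"; then
        echo "$dir: directory is group/world-writable"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty directory: glob did not match
        user=${f##*/}                    # %u expands to the login name
        if ! owner_ok "$f" "$user"; then
            echo "$f: not owned by root or $user"
            bad=1
        fi
        if loose_mode "$f"; then
            echo "$f: group/world-writable"
            bad=1
        fi
    done
    return "$bad"
}

# Run against a directory when one is given, e.g. /etc/ssh/keys.
if [ "$#" -gt 0 ]; then
    audit_keys_dir "$1"
fi
```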