hi, every time i enable the option "KerberosGetAFSToken yes" on a computer where the afs-client works fine i get a (/var/log/)message(s) like this: "sshd[1136]: rexec line 70: Unsupported option KerberosGetAFSToken". no one get a afs-token via ssh-login. i found this in sshd in suse9.3, suse 10.0 and fedora core 4 but i does not found any informations if this is an error or not. whats wrong here, can anyone help me? regards jan -- Telefonieren Sie schon oder sparen Sie noch? NEU: GMX Phone_Flat http://www.gmx.net/de/go/telefonie
On Wed, 9 Nov 2005 22:21:32 +0100 (MET) "Jan Bilang" <dreadi at gmx.net> wrote:> hi, > > every time i enable the option "KerberosGetAFSToken yes" on a computer where > the afs-client works fine i get a (/var/log/)message(s) like this: > "sshd[1136]: rexec line 70: Unsupported option KerberosGetAFSToken". no one > get a afs-token via ssh-login. i found this in sshd in suse9.3, suse 10.0 > and fedora core 4 but i does not found any informations if this is an error > or not. whats wrong here, can anyone help me?Your sshd probably has not been compiled with Kerberos support. You didn't bother to quote the sshd version from any of your installs, or whether you compiled from source or just used the system-provided ones. -d
Jan Bilang wrote:> every time i enable the option "KerberosGetAFSToken yes" on a computer where > the afs-client works fine i get a (/var/log/)message(s) like this: > "sshd[1136]: rexec line 70: Unsupported option KerberosGetAFSToken".In addtion to requiring Kerberos support, that option only works if your Kerberos implementation has the required AFS bits (k_setpag() and a few other calls) and at the moment, only Heimdal has them. There was talk of adding them as an external library for MIT Kerberos but as far as I know that's never happened. Depending on what your OS vendors have done, it might be possible to configure AFS to work via a PAM module, but that's going to be vendor specific. (Hmm, I see that FC3 has a "krbafs" package which implements some but not all of the functions needed. I don't know if it could be made to work.) -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.