Displaying 4 results from an estimated 4 matches for "afslog".
Did you mean:
afs5log
2004 Feb 27
2
OPenAFS and OpenSSH replacing kafs
...legated gssapi credentials in OpenSSH-3.8. I have not had
this problem as I used a different method which this mod is
based on. This proposed change would replace the calls to kafs.
OpenAFS could then distribute the dynamic library, that would
get a PAG and fork/exec some program like aklog, or afslog to
actually get the token.
The aklog or afslog could be distributed by OpenAFS or some
Kerberos vendor.
The routine loaded is the get_afs_token routine that I proposed
last week but without the -setpag "kernel hack". It would have
setpag code added to it instead and this runs in the...
2004 Jan 26
6
OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Rather then implementing kafs in MIT Kerberos, I would like to
suggest an alternative which has advantages to all parties.
The OpenSSH sshd needs to do two things:
(1) sets a PAG in the kernel,
(2) obtains an AFS token storing it in the kernel.
It can use the Kerberos credentials either obtained via GSSAPI
delegation, PAM or other kerberos login code in the sshd.
The above two
2004 Feb 27
1
[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT
...rently requires Heimdal
libkafs) in combination with GSSAPIDelegateCredentials. The patch is
in the public domain and comes with no warranty whatsoever. Applies
to pristine 3.8p1. Works for me on Solaris and Tru64.
I'd probably have used Doug Engert's patch from 2004-01-30 if Heimdal's
afslog command supported -setpag; although to be honest I don't really
like the idea of children being able to change their parent's PAG.
* modified files
./auth-krb5.c
./auth.h
./session.c
* file diffs
--- orig/auth-krb5.c
+++ mod/auth-krb5.c
@@ -199,6 +199,25 @@
return (1);
}...
2005 Dec 09
0
openssh & kerberos difficulties
1/
When I access with GSSAPIAuthentication & GSSAPIDelegateCredentials the option
KerberosGetAFSToken does not work. The tickets are transfered correctly because
the AFS tokens are obtained if the command afslog is inserted in /etc/ssh/sshrc
file.
2/
When multiple realms are defined in /etc/krb5.conf sshd uses only the first
default realm for kerberos password authentication. However gssapi access works
with multiple default realms, at least for HEIMDAL. It should be fine if sshd
uses all default realms o...