search for: afslog

...legated gssapi credentials in OpenSSH-3.8. I have not had this problem as I used a different method which this mod is based on. This proposed change would replace the calls to kafs. OpenAFS could then distribute the dynamic library, that would get a PAG and fork/exec some program like aklog, or afslog to actually get the token. The aklog or afslog could be distributed by OpenAFS or some Kerberos vendor. The routine loaded is the get_afs_token routine that I proposed last week but without the -setpag "kernel hack". It would have setpag code added to it instead and this runs in the...

Rather then implementing kafs in MIT Kerberos, I would like to suggest an alternative which has advantages to all parties. The OpenSSH sshd needs to do two things: (1) sets a PAG in the kernel, (2) obtains an AFS token storing it in the kernel. It can use the Kerberos credentials either obtained via GSSAPI delegation, PAM or other kerberos login code in the sshd. The above two

...rently requires Heimdal libkafs) in combination with GSSAPIDelegateCredentials. The patch is in the public domain and comes with no warranty whatsoever. Applies to pristine 3.8p1. Works for me on Solaris and Tru64. I'd probably have used Doug Engert's patch from 2004-01-30 if Heimdal's afslog command supported -setpag; although to be honest I don't really like the idea of children being able to change their parent's PAG. * modified files ./auth-krb5.c ./auth.h ./session.c * file diffs --- orig/auth-krb5.c +++ mod/auth-krb5.c @@ -199,6 +199,25 @@ return (1); }...

1/ When I access with GSSAPIAuthentication & GSSAPIDelegateCredentials the option KerberosGetAFSToken does not work. The tickets are transfered correctly because the AFS tokens are obtained if the command afslog is inserted in /etc/ssh/sshrc file. 2/ When multiple realms are defined in /etc/krb5.conf sshd uses only the first default realm for kerberos password authentication. However gssapi access works with multiple default realms, at least for HEIMDAL. It should be fine if sshd uses all default realms o...