Displaying 4 results from an estimated 4 matches for "kerberos_get_afs_token".
2004 Feb 27
1
[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT
...ctxt *authctxt);
+void session_krb5_use_ccache(Authctxt *authctxt);
#endif /* KRB5 */
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
--- orig/session.c
+++ mod/session.c
@@ -1462,20 +1462,22 @@
* home directory is in AFS and it's not world-readable.
*/
- if (options.kerberos_get_afs_token && k_hasafs() &&
- (s->authctxt->krb5_ctx != NULL)) {
- char cell[64];
+ if (options.kerberos_get_afs_token && k_hasafs()) {
+ session_krb5_use_ccache(s->authctxt);
+ if (s->authctxt->krb5_ctx != NULL) {
+ char cell[64];
- debug("Getting AFS...
2004 Feb 27
2
OPenAFS and OpenSSH replacing kafs
...gt;
+#else
#if defined(KRB5) && defined(USE_AFS)
#include <kafs.h>
#endif
+#endif
#ifdef GSSAPI
#include "ssh-gss.h"
@@ -1453,6 +1457,28 @@
*/
environ = env;
+
+#ifdef ANL_AFS_PAG
+ /* Get PAG and AFS token using external program and KRB5CCNAME */
+ if (options.kerberos_get_afs_token) {
+ void * handle;
+ int (*get_afs_token)(char * pgm, char ** env,
+ char *homedir, int setpag);
+
+ debug("Getting AFS PAG and token");
+ handle = dlopen("/usr/lib/afs_get_token.so",0); /* needs a better location */
+
+ if (handle) {
+ get_afs_token = dlsym(handle...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2004 Jan 26
6
OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Rather then implementing kafs in MIT Kerberos, I would like to
suggest an alternative which has advantages to all parties.
The OpenSSH sshd needs to do two things:
(1) sets a PAG in the kernel,
(2) obtains an AFS token storing it in the kernel.
It can use the Kerberos credentials either obtained via GSSAPI
delegation, PAM or other kerberos login code in the sshd.
The above two