ftpd and AFS tickets
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Apr 23 13:19:47 EDT 2002
>Currently I'm using SSH with GSSAPI and pam_krb5 support.
>In /etc/profile (and/or pam config for ssh) I'm getting
>the AFS token, so it's possible to use AFS as home when
>doing interactive logins with SSH.
But if you're doing GSSAPI, then pam is never being invoked, right?
Are users typing cleartext passwords inside of ssh?
>But how about the kerberized FTP/Telnet clients/daemons?
We have special versions here that make calls to setpag()/aklog after
tickets have been forwarded so you always get an AFS token automatically.
--Ken
More information about the Kerberos
mailing list