[OpenAFS] Re: Help: Can OpenSSH get OpenAFS token after the client login?

Booker Bense bbense at slac.stanford.edu
Sat Jun 11 10:20:18 EDT 2011


For various reasons[1] I've found that the pam solution doesn't 
cover all bases and I've resorted to putting aklog in

/etc/ssh/sshrc

If you have an sshrc it needs to deal with the xauth stuff as 
well.

#
# Evil workaround for pam sshd stupidity.
if [ -n "$KRB5CCNAME" ] && [ -x /usr/bin/aklog ]; then
    /usr/bin/aklog
fi
# With X11 forwarding, sshd passes "proto cookie" on stdin; once an
# sshrc exists, sshd no longer runs xauth itself.
if read proto cookie && [ -n "$DISPLAY" ]; then
    if [ "$(echo "$DISPLAY" | cut -c1-10)" = 'localhost:' ]; then
        # X11UseLocalhost=yes
        echo add unix:"$(echo "$DISPLAY" | cut -c11-)" $proto $cookie
    else
        # X11UseLocalhost=no
        echo add "$DISPLAY" $proto $cookie
    fi | /usr/bin/xauth -q -
fi

- Booker C. Bense

[1]- To be honest I've forgotten exactly what the combination 
was, but there was one edge case where I just couldn't get the
pam-based solution to work. The sshrc solution is also required
on OS X.


