Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Host Based Authentication and AFS
- Paul Mitchell
February 15, 2005, 6:18 pm
rate this thread
Has anyone managed to get a passwordless authentication with a
non-local, AFS account? I've been running through various documents and
settings on the net, but can't, yet, pull it off.
For the record, I'm attempting to use OpenSSH_3.6.1p2 on a G5 (OS X
I've generated the id_dsa.pub both with and without passphrases, made sure
that my ~/.ssh directory and the authorized_keys2 (And authorized_keys)
files are all chmod 600. I've placed the id_dsa.pub key at the end of
authorized_key* (since this is AFS, I assume that I don't have to transfer
this to the account on the remote server, since the account is the same on
NO matter what I do, I always fall through to keyboard-interactive, which
generates a password prompt.
I'm trying to set up a LAM boot, and the prompt is disrupting this.
Any suggestions will be appreciated, thanks,
phone: (919) 962-9778
office: I have an office, room 14, Phillips Hall
- Richard E. Silverman
February 15, 2005, 9:22 pm
Re: Host Based Authentication and AFS
PM> Hello, Has anyone managed to get a passwordless authentication
PM> with a non-local, AFS account? I've been running through various
PM> documents and settings on the net, but can't, yet, pull it off.
I haven't worked much with AFS, but I imagine you pretty much have to use
Kerberos authentication (either ticket or password) to get this to work.
sshd doesn't have access to your home directory without AFS credentials,
and so can't read ~/.ssh/authorized_keys. Even if you moved the
authorization files somewhere local, you still don't have your home
If you arrange SSH Kerberos authentication via GSSAPI, you can set
KerberosGetAFSToken on the server and it should all work seamlessly.
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum