Jan Bilang wrote:
> every time i enable the option "KerberosGetAFSToken yes" on a computer where
> the afs-client works fine i get a (/var/log/)message(s) like this:
> "sshd[1136]: rexec line 70: Unsupported option KerberosGetAFSToken".


In addtion to requiring Kerberos support, that option only works if your
Kerberos implementation has the required AFS bits (k_setpag() and a few
other calls) and at the moment, only Heimdal has them. There was talk
of adding them as an external library for MIT Kerberos but as far as I
know that's never happened.

Depending on what your OS vendors have done, it might be possible to
configure AFS to work via a PAM module, but that's going to be vendor
specific.

(Hmm, I see that FC3 has a "krbafs" package which implements some but
not all of the functions needed. I don't know if it could be made to
work.)

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev