Derek Harkness wrote:
> I upgraded a test workstation to 4.0, I compiled two versions one with
> kerberos+afs support and another with just PAM. The goal is to be able
> to login using kerberos and get an afs token.

[...]
> The bigger problem is the PAM integration. When I login using just PAM
> I am able to get logged in but neither my kerberos tickets or my afs
> tokens are set. Just wondering if anyone has a suggestion on getting
> this working. Since I have far to many server with ssh to request
> keytabs for all of them.


Try forcing sshd to use password authentication (ie
"PasswordAuthentication yes" and "ChallengeResponseAuthentication no"
sshd_config).

For the gory details on why this might make a difference, see:
http://bugzilla.mindrot.org/show_bug.cgi?id=688

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.