[HCoop-Help] permission problems (ssh access with passwordless login)
Andrew T
andrew at hcoop.net
Mon Jun 29 18:31:53 EDT 2009
2009/6/29 Adam Chlipala <adamc at hcoop.net>:
> Andrew T wrote:
>> I am using mit-krb5 1.6.3 on gentoo and trying to follow the "Instructions" at
>> http://wiki.hcoop.net/MemberManual/ShellAccess/PasswordlessLogin.
>>
>> When I ssh to mire using a standard password login everything works
>> fine. When I ssh to mire using kerberos credentials, the login
>> succeeds but I don't automatically get write access to my home
>> directory from my login shell. Any suggestions? Why aren't my kerberos
>> credentials being forwarded to mire's AFS?
>>
>
> If you run "aklog" manually on mire, does everything work? We
> definitely want this to happen automatically, but an answer to this
> question should help determine how big of a problem you're running into.
>
Case 1: I log into hcoop first and "kdestroy" and "rm
/tmp/krb5cc_10830" to remove any cached tickets. When I log out and
back into mire again using kerberos, "klist" shows no credentials
cache. So aklog doesn't work. If you do a "kinit andrew at HCOOP.NET"
followed by an "aklog" everything is fine.

Case 2: Following on immediately from case 1, if I log out of mire and
log back in again using kerberized ssh, klist shows the cached
credentials generated at the end of Case 1. I don't have write access
to my home folder at this stage and so I must be considered as
system:anyuser since I can only list directories and read files in a
few selected directories like .domtool. After typing "aklog" full
read-write access is restored (most likely using the cached
credentials on mire rather than the credentials provided to sshd).