Jon Peatfield wrote:
> On Wed, 26 Aug 2009, Troy Dawson wrote:
> 
>> Hi Eve,
>> The problem is that a plain SL5 ssh client does not do 
>> GSSAPIDelegateCredentials and this is what is needed for you to get your AFS 
>> credentials on minos06.
>>
>> https://fermilinux.fnal.gov/documentation/security/ssh-client/
> <snip>
> 
> I hope no-one minds if I ask a stupid question...
> 
> What is to stop a user from adding the relevant section to their own 
> .ssh/config ?  I know that isn't useful for catching all users but it is a 
> useful test...
> 
> According to my understanding of the ssh client the *first* (matching) 
> value found for each parameter is the one used and it is defined to read 
> the user config before the system one (and command-line options before 
> that)...
> 
> BTW the web page mentions a clash with GSSAPIDelegateCredentials on 
> Ubuntu, which probably means that they are setting the value earlier than 
> the suggested host... fragment (so will be found first).
> 
> From man ssh_config (on sl5 in case it matters):
> 
> ...
>    Since the first obtained value for each parameter is used, more
>    host-specific declarations should be given near the beginning of the
>    file, and general defaults at the end.
> ...
> 
>   -- Jon

Hi Jon,
You  are right, with that section at the top of the ssh_config file, 
Ubuntu users shouldn't have a problem.  I have rewritten it to sound 
better.  But I'm leaving it in, because it's usually the Ubuntu users 
that have been having problems getting AFS tokens when they login.
Troy
-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________