Date: Thu, 27 Aug 2009 10:08:58 -0500

Jon Peatfield wrote:
> On Wed, 26 Aug 2009, Troy Dawson wrote:
>
>> Hi Eve,
>> The problem is that a plain SL5 ssh client does not do
>> GSSAPIDelegateCredentials and this is what is needed for you to get your AFS
>> credentials on minos06.
>>
>> https://fermilinux.fnal.gov/documentation/security/ssh-client/
> <snip>
>
> I hope no-one minds if I ask a stupid question...
>
> What is to stop a user from adding the relevant section to their own
> .ssh/config ? I know that isn't useful for catching all users but it is a
> useful test...
>
> According to my understanding of the ssh client the *first* (matching)
> value found for each parameter is the one used and it is defined to read
> the user config before the system one (and command-line options before
> that)...
>
> BTW the web page mentions a clash with GSSAPIDelegateCredentials on
> Ubuntu, which probably means that they are setting the value earlier than
> the suggested host... fragment (so will be found first).
>
> From man ssh_config (on sl5 in case it matters):
>
> ...
> Since the first obtained value for each parameter is used, more
> host-specific declarations should be given near the beginning of the
> file, and general defaults at the end.
> ...
>
> -- Jon

Hi Jon,
You are right, with that section at the top of the ssh_config file,
Ubuntu users shouldn't have a problem. I have rewritten it to sound
better. But I'm leaving it in, because it's usually the Ubuntu users
that have been having problems getting AFS tokens when they log in.
Troy
--
__________________________________________________
Troy Dawson (630)840-6468
Fermilab ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________
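
The first-obtained-value rule discussed in this thread, as an added example that is not part of the original messages: a small resolver that reads constructed config texts in ssh's order (user file, then system file) and reports which file supplied GSSAPIDelegateCredentials. The domain `example.org`, both sample files and all function names are assumptions; pattern matching is simplified to `*`, `?` and `!` negation.

```python
import fnmatch
import re

def host_matches(patterns, host):
    """A Host line applies if a positive pattern matches and no negated one does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def effective(host, sources):
    """sources: (label, text) pairs in the order ssh reads them (user, then system)."""
    result = {}
    for label, text in sources:
        active = True  # options before the first Host line apply to every host
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = re.split(r"[\s=]+", line, maxsplit=1)
            if len(parts) < 2:
                continue
            key, value = parts[0].lower(), parts[1].strip()
            if key == "host":
                active = host_matches(value.split(), host)
            elif active:
                # First obtained value wins; later settings are ignored.
                result.setdefault(key, (value, label))
    return result

# Constructed samples: not the Fermilab fragment or any distribution's real file.
FRAGMENT = "Host *.example.org\n  GSSAPIAuthentication yes\n  GSSAPIDelegateCredentials yes\n"
DEFAULTS = "Host *\n  GSSAPIAuthentication yes\n  GSSAPIDelegateCredentials no\n"
HOST = "minos06.example.org"  # hypothetical fully qualified name
KEY = "gssapidelegatecredentials"

def scenarios():
    return {
        "fragment appended after defaults": effective(HOST, [("system", DEFAULTS + FRAGMENT)])[KEY],
        "fragment at top of system file": effective(HOST, [("system", FRAGMENT + DEFAULTS)])[KEY],
        "fragment in user config": effective(HOST, [("user", FRAGMENT), ("system", DEFAULTS + FRAGMENT)])[KEY],
    }

if __name__ == "__main__":
    for name, (value, source) in scenarios().items():
        print(f"{name}: GSSAPIDelegateCredentials={value} (from {source} file)")
```

On OpenSSH 6.8 and later, `ssh -G host` prints the values the real client resolves, which is the authoritative check.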