Hi!
I've noticed that openssh always does a do_setpag() if compiled with
AFS-support no matter which authentication method is used.
Maybe I'm missing something but shouldn't it only get a pag, if
AFS-token-passing is used?
If password authentication is used, an AFS-pam-module (or the authenticate
function on AIX) will do the job, otherwise, no token can be
obtained and therefore no pag is needed.
I noticed that because normally root wants to login without a pag, which
is not possible now.
I attached a small patch, that moves the do_setpag-part from
do_authentication to the afs-token-passing section of do_authloop, maybe
you'll find that useful.
cheers,
--leo
-----------------------------------------------------------------------
Alexander (Leo) Bergolth leo@leo.wu-wien.ac.at
WU-Wien - Zentrum fuer Informatikdienste http://leo.wu-wien.ac.at
Info Center
Computers are like air conditioners -
they stop working properly when you open Windows
I've noticed that openssh always does a do_setpag() if compiled with
AFS-support no matter which authentication method is used.
Maybe I'm missing something but shouldn't it only get a pag, if
AFS-token-passing is used?
If password authentication is used, an AFS-pam-module (or the authenticate
function on AIX) will do the job, otherwise, no token can be
obtained and therefore no pag is needed.
I noticed that because normally root wants to login without a pag, which
is not possible now.
I attached a small patch, that moves the do_setpag-part from
do_authentication to the afs-token-passing section of do_authloop, maybe
you'll find that useful.
cheers,
--leo
-----------------------------------------------------------------------
Alexander (Leo) Bergolth leo@leo.wu-wien.ac.at
WU-Wien - Zentrum fuer Informatikdienste http://leo.wu-wien.ac.at
Info Center
Computers are like air conditioners -
they stop working properly when you open Windows
Attached Files:
-
openssh-setpag.patch (0.83 KB)