|
SSH is an indispensable tool for system administration,
and we build AFS-aware ssh binaries since many years.
Our current distribution is based on a slightly modified
OpenSSH 3.8p1/3.9p1/4.0p1 (we allow for "gssapi-with-mic", "K5/AFS",
"AFS" and "plain password" methods of authentication).
Some details:
- Config options included "--without-pam" and "--with-tcpwrappers".
- "session.c" was modified to allow a user
to obtain a PAG-based AFS token upon successful K5 authentication,
as suggested by Douglas Engert from Argonne Lab.
This is only valid for AFS cells running K5 "kdc" in the place
of "kaserver". The default "/etc/sshd_config" file supports
exactly this method of authentication.
(NB: this method
requires the correctly set up "/etc/krb5.conf" and "/etc/krb5.keytab"
files).
- In case all "Kerberos.." options are set to "no" in the
"/etc/sshd_config" file, the "klog" based method of authentication
is used (to achieve this, we have modified "auth-passwd.c"). User
is admitted to the system and obtains a PAG-based AFS token.
- Protocol 2 is enforced in "/etc/sshd.config".
- Libraries used for the builds:
3.8p1: heimdal-0.6, openssl-0.9.7c, zlib-1.2.1
3.9p1: k5mit-1.3.5/1.3.6, openssl-0.9.7e, zlib-1.2.1+sec.patches2004
4.0p1: k5mit-1.4.1, openssl-0.9.7g, zlib-1.2.2
The binaries that are present here were built for our internal use.
They come complete with installation scripts, or in a packed
form (RPMs, on Linux). We offer them on the "as-is" basis,
so either trust us and check these - very loose indeed -
download conditions.
Or renounce the download.
Of course,
we are interested in any feedback, please report any problem to
sys@caspur.it.
|