A Workaround to avoid enter your password three times

Following distributions are known that users are asked for the AFS password as much as three times: Two steps shown below is a workaround found by Achim Gsell. This workaround may take effect if following three conditions are satisfied:
  1. Kerberos 5 is installed
  2. OpenSSH 3.9 or later is installed
  3. OpenSSH is compiled with Kerberos 5/GSSAPI support
As far as I know, the workaround will take effect on PSI Scientific Linux 3.

1. Add following realm to your /etc/krb5.conf 


[realms]
         PSI.CH = {
                 kdc = afs00.psi.ch:88 afs01.psi.ch:88 afs02.psi.ch:88
                 kpasswd_server = afs00.psi.ch:464
                 default_domain = psi.ch
         }

[domain_realm]
         .psi.ch = PSI.CH

2. Add following two items to your startup file of your login shell

2.1 for bash/zsh users
Add following lines to your .bashrc/.zshrc 

export SVN_SSH="/usr/bin/ssh -o 'GSSAPIAuthentication yes' -o 'GSSAPIDelegateCredentials yes' -l your-afs-username"

kinit your-afs-username@PSI.CH
2.2 for tcsh/csh users
Add following lines to your .tcshrc/.cshrc 

setenv SVN_SSH "/usr/bin/ssh -o 'GSSAPIAuthentication yes' -o 'GSSAPIDelegateCredentials yes' -l your-afs-username"

kinit your-afs-username@PSI.CH
Following two command-line options to ssh, "GSSAPIAuthentication ..." and "GSSAPIDelegateCredentials ..." will cause error when you access the Subversion repository with svn+ssh protocol. It is highly dependent on how your ssh is configured. OpenSSH which comes with following Linux distributions *ARE NOT* compiled with Kerberos 5/GSSAPI and SSH connection will fail with above two options.
Prev
 Up
Table of Contents 		Next