SSH Key
Status
Using a personal ssh-key (instead of a password) to login on any of our login systems is not possible.
Technical Background
To allow a server process (sshd) to verify the key a user login-request is presenting it needs to be able to access ~/.ssh/authorized_keys. This file is located in $HOME.
On usual local systems this is no problem as root (and sshd in this early stage of the login process) has full access to a locally mounted file system /home and can read /home/userid/.ssh/authorized_keys without any problem.
For OpenAFS this is not the case. Without a Kerberos-Tickets and correctly configured access rights no access is granted. This is true for the super user root and any service-daemons also. No process has any rights to access any files stored in OpenAFS.
Workarounds / Solutions
- NONE available
See also