[352] in athena10
update_server and remote access
daemon@ATHENA.MIT.EDU (Jonathan Reed)
Fri Aug 1 10:09:32 2008
Message-Id: <22FA0C53-541C-4C59-9723-CB9D72893298@mit.edu>
From: Jonathan Reed <jdreed@MIT.EDU>
To: athena10@mit.edu
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Fri, 1 Aug 2008 10:08:45 -0400
I've been playing with remote access a bit in the hopes of making one
of the OLC dialups into an Athena 10 dialup, and I ran into a couple
of things:
-Is there an update_server in Athena 10 yet? I can't seem to find it,
but I also don't see any mention on the technical plan of us
desupporting it.
-I see the technical plan mentions that the upgrade will convert /etc/
athena/access to /etc/security/access.conf. Can the conversion
script be made available in a standalone format? It seems like the
easiest way to get moira-controlled access on Athena 10 would be to
get a current access DCM and run the conversion as a postacldcm
script. But perhaps adding a new ACL type for Athena 10 machines is
better, I don't know how ops feels. (I'd be happy to take a stab at
writing such a conversion script, if it's not already been done)
- When I ssh to an Athena 10 machine, ssh first prompts for
"Password:". If I (accidentally, for example) simply hit Return, it
then prompts for "Password for jdreed@ATHENA.MIT.EDU:" Presumably
that's a result of PAM stacking, but it's a weird and potentially
confusing behavior, especially since the first prompt will happily
accept the user's Kerberos password. It's a minor thing, but is
there any way around that?
-Jon
