[OpenAFS] uw-imap & tokens
Miles Davis
miles@CS.Stanford.EDU
Wed, 4 Apr 2007 13:17:13 -0700
On Wed, Apr 04, 2007 at 06:07:46PM +0100, David Howells wrote:
> Miles Davis <miles@CS.Stanford.EDU> wrote:
>
> > Let me step back too, in case I'm on the wrong path. My symptom is
> > that tokens are disappearing out from under users after a few minutes
> > in a session. They're not expiring. Running "keyctl show" after ssh
> > login shows that my keying is uid 0, but I don't know why.
>
> Can you run "keyctl show" immediately after you log in?
>
> > Session Keyring
> > -3 --alswrv 0 0 keyring: _uid_ses.0
> > 2 --alswrv 0 0 \_ keyring: _uid.0
> > 29391168 ----s--v 0 0 \_ afs_pag: _pag
That was an example of it.
I've since replaced my sshd_config & sshd pam config with the default,
which I think I had changed dozens of times in the past week trying to
eliminate imap problems, and the problem was the missing
pam_keyinit.so line:
session optional pam_keyinit.so force revoke
sticking that back in pam.d/sshd seems to solve it. Not sure if that
will also solve my imap problem, since I think that was in there
already, but I'll keep testing.
Thanks for the point in the right direction.
--
// Miles Davis - miles@cs.stanford.edu - http://www.cs.stanford.edu/~miles
// Computer Science Department - Computer Facilities
// Stanford University