[OpenAFS] aklog Lies OR Cache Manager Not Storing Tokens

Derrick Brashear shadow@gmail.com
Mon, 24 Nov 2008 17:03:22 -0500

On Mon, Nov 24, 2008 at 2:32 PM, Randy Kemp <rkemp@srhs.net> wrote:
> I'm running openafs 1.4.7 client on Ubuntu Intrepid.  It's running on a
> multi-user application server where all the users connect from thin
> clients via SSH sessions, in other words LTSP 5.  I'm using
> pam_afs_session to get tokens at login.  I'm having an intermittent
> problem where users will sometimes log in and not get an AFS token.

Sure, I bet the GUI login stuff is happening in a different session
and so you're setting tokens; the user (in a different session, or
perhaps with a different uid if you have a kernel which for some
reason meant PAGs got disabled) just can't have them.

I don't see how this means aklog lies or the cache manager is
discarding the tokens.

> Since it's trying to load a graphical session, the users in effect can't
> log in because their home directory can't be accessed.  When this starts
> happening for users it tends to occur for almost all users.  Users that
> are already logged in don't loose their tokes.  Restarting the app.
> server will fix it but sometimes it just resolves itself after a while.
> If I have a user log in to a shell via SSH they can manually exec
> 'aklog' and then it will work fine, even if they log out and back in.
> Once it starts occurring, the users that are already logged in can
> typically log out and back in and get their token without a problem but
> if they exec 'unlog' before logging out the won't get a token when they
> attempt to log back in.

Sure. This sounds like no PAG, and when they aklog *their uid* as
opposed to the one running kdm or whatever gets the tokens. Try 1.4.8.