[OpenAFS] Ubuntu 10.04 Login Issues
Stephan Wiesand
stephan.wiesand@desy.de
Wed, 22 Dec 2010 19:57:19 +0100
Hi,
On Dec 22, 2010, at 18:40 , Thomas Calderon wrote:
> Hi,
>=20
> We are also using Ubuntu 10.04 paired with AFS home dirs and I am =
facing a hard problem with Gnome. Opening and closing sessions work =
flawlessly, but when users lock their workstation at night, they can't =
unlock it the following morning. Of course their TGT and AFS tokens =
expire overnight, which is the main cause of the problem.
from my experience, it will cause other problems as well. For example, =
with firefox. The best approach is to prevent the ticket/token from =
expiring while the user is logged in.
> I read in the discussion that a GCONF_LOCAL_LOCKS variable might =
exist, which sounded promising but has no effect nowadays.
Well, I mentioned that it probably no longer has ;-)
> The problem only occurs with Gnome, KDE is fine. I spend many ours =
trying to debug this issue.=20
>=20
> The issue is reproductible for me using this approach:
> running gnome-screensaver in debug
> renew TGT with 10 seconds lifetime and lock
> wait 15 minutes -> the GUI is freezed
> killing in console gives back the GUI and I can renew TGT in a =
terminal
>=20
> ex:
> cd /tmp
> apt-get source gnome-screensaver
> cd gnome-screensaver-xxx/src/
> sh debug-screensaver.sh (can be tuned to send log to /tmp/xxx.log)
> kinit -l 10 xxx@MYREALM.COM
>=20
>=20
> Any of you could point me in a direction on how to solve this ? I =
might end up using xlock or xscreensaver, but I'd prefer to stay close =
to the "default" environement.=20
I have no experience with Ubuntu (yet). RHEL (at least 5, 6) comes with =
something called krb5-auth-dialog that's started with the user's session =
and will renew the ticket while that's possible. For EL6, we hacked it =
so that it will run aklog right after and hence get a fresh token as =
well. (On EL5, we haven't observed the problem you describe, and I'm not =
even sure it exists on EL6 - we did this to avoid problems with other =
software - like firefox).
If krb5-auth-dialog comes with Ubuntu, it may even be sufficiently =
recent that it doesn't have to be modified to care for AFS tokens. =
Recent versions come with a plugin system, and there's a plugin to do =
just that. Unfortunately, that version can't be built on EL6 - that's =
already too old...
Regards,
Stephan
--=20
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany