[OpenAFS] openafs versus systemd
Giovanni Bracco
giovanni.bracco@enea.it
Tue, 6 Jun 2023 14:06:32 +0200
Is it possible (and it may be more general) to use kswitch ?
Something like:
#!/usr/bin/bash
if [ $(id -u %i) -ge 10000 ]; then
kswitch -p $(id -u %i)
aklog
fi
exec /path/to/systemd --user
Giovanni
On 06/06/23 13:38, spacefrogg-openafs@spacefrogg.net wrote:
> I have no idea what exactly is messing up what part, but we also have home directories on AFS and use the following solution for several years now.
>
> Replace the ExecStart line of the user@.service with the following script:
> #!/usr/bin/bash
>
> if [ $(id -u %i) -ge 10000 ]; then
> export KRB5CCNAME=/PATH/TO/CACHE-DEPENDING-ON-$(id -u %i)
> aklog
> fi
> exec /path/to/systemd --user
>
> You must use the same fixed Kerberos cache files in PAM, obviously.
>
> You should set up a token refresh user service, so that the systemd user session does not die due to missing filesystem access.
>
> We also circumvent issues with PAGs by not using them. I would be interested to know, whether this approach works with PAGs.
>
> Regards,
> –Michael
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
Giovanni Bracco
phone +39 351 8804788
E-mail giovanni.bracco@enea.it
WWW http://www.afs.enea.it/bracco