[OpenAFS] Re: OpenAFS-info digest, Vol 1 #7363 - 4 msgs
Chad William Seys
cwseys@physics.wisc.edu
Wed, 7 Jun 2023 16:48:56 -0500
Hi all,
I've been trying to know how to disable PAG, but am having a google
fail. Anyone have pointers.
Thanks!
Chad.
On 6/6/23 11:01, openafs-info-request@openafs.org wrote:
> Send OpenAFS-info mailing list submissions to
> openafs-info@openafs.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.openafs.org/mailman/listinfo/openafs-info
> or, via email, send a message with subject or body 'help' to
> openafs-info-request@openafs.org
>
> You can reach the person managing the list at
> openafs-info-admin@openafs.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OpenAFS-info digest..."
>
>
> Today's Topics:
>
> 1. openafs versus systemd (Stephen Quinney)
> 2. openafs versus systemd (spacefrogg-openafs@spacefrogg.net)
> 3. Re: openafs versus systemd (Giovanni Bracco)
> 4. Re: openafs versus systemd (Ken Hornstein)
>
> --__--__--
>
> Message: 1
> From: Stephen Quinney <stephen@jadevine.org.uk>
> Date: Tue, 6 Jun 2023 11:53:08 +0100
> To: OpenAFS <openafs-info@openafs.org>
> Subject: [OpenAFS] openafs versus systemd
>
> We're having trouble with the dbus-user-session package messing up afs
> for logins on Ubuntu 22.04. On 20.04 we solved the issue by just
> removing the package but this is now very difficult due to other
> dependencies.
>
> I'm aware this issue has been discussed before on the mailing list and
> also on the systemd bug tracker
> <https://github.com/systemd/systemd/issues/7261> but I'm still really
> unclear on what the community feels is the best solution to this
> problem.
>
> I realise not everyone is a fan of systemd and some might suggest just
> disabling the user session support entirely but that also appears to
> have undesirable side-effects so I'd like to minimise the impact of
> any changes I have to make.
>
> How have others solved this? Any suggestions?
>
>
> Thanks,
>
> Stephen Quinney
>
> --__--__--
>
> Message: 2
> Date: Tue, 6 Jun 2023 13:38:47 +0200 (GMT+02:00)
> From: spacefrogg-openafs@spacefrogg.net
> To: openafs-info@openafs.org
> Subject: [OpenAFS] openafs versus systemd
>
> I have no idea what exactly is messing up what part, but we also have home =
> directories on AFS and use the following solution for several years now.
>
> Replace the ExecStart line of the user@.service with the following script:
> #!/usr/bin/bash
>
> if [ $(id -u %i) -ge 10000 ]; then
> =C2=A0=C2=A0=C2=A0 export KRB5CCNAME=3D/PATH/TO/CACHE-DEPENDING-ON-$(id -u =
> %i)
> =C2=A0=C2=A0=C2=A0 aklog
> fi
> exec /path/to/systemd --user
>
> You must use the same fixed Kerberos cache files in PAM, obviously.
>
> You should set up a token refresh user service, so that the systemd user se=
> ssion does not die due to missing filesystem access.
>
> We also circumvent issues with PAGs by not using them. I would be intereste=
> d to know, whether this approach works with PAGs.
>
> Regards,
> =E2=80=93Michael
>
> --__--__--
>
> Message: 3
> Date: Tue, 6 Jun 2023 14:06:32 +0200
> To: spacefrogg-openafs@spacefrogg.net, openafs-info@openafs.org
> From: Giovanni Bracco <giovanni.bracco@enea.it>
> Subject: Re: [OpenAFS] openafs versus systemd
>
> Is it possible (and it may be more general) to use kswitch ?
>
> Something like:
>
> #!/usr/bin/bash
>
> if [ $(id -u %i) -ge 10000 ]; then
> kswitch -p $(id -u %i)
> aklog
> fi
> exec /path/to/systemd --user
>
>
> Giovanni
>
>
> On 06/06/23 13:38, spacefrogg-openafs@spacefrogg.net wrote:
>> I have no idea what exactly is messing up what part, but we also have home directories on AFS and use the following solution for several years now.
>>
>> Replace the ExecStart line of the user@.service with the following script:
>> #!/usr/bin/bash
>>
>> if [ $(id -u %i) -ge 10000 ]; then
>> export KRB5CCNAME=/PATH/TO/CACHE-DEPENDING-ON-$(id -u %i)
>> aklog
>> fi
>> exec /path/to/systemd --user
>>
>> You must use the same fixed Kerberos cache files in PAM, obviously.
>>
>> You should set up a token refresh user service, so that the systemd user session does not die due to missing filesystem access.
>>
>> We also circumvent issues with PAGs by not using them. I would be interested to know, whether this approach works with PAGs.
>>
>> Regards,
>> –Michael
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>