[OpenAFS-devel] Get no token when su-ing with sudo
Charles Clancy
security@xauth.net
Wed, 27 Mar 2002 11:08:54 -0600 (CST)
> Your best bet, probably, is to change sudo to not create a PAG.
> I don't know the magic pam_afs incantation.. Perhaps -no-setpag?
There's no "no-setpag"; you have to use "refresh_tokens", so:

    su auth sufficient /usr/lib/pam_afs.so.1 refresh_tokens

Of course, for su-ing to root, this would also work just as well:

    su auth sufficient /usr/lib/pam_afs.so.1 ignore_root

I assume "su" is the one that knows about pam_afs, not "sudo" itself.
If all you are ever doing is sudo su-ing to root, why even have pam_afs
involved at all? That password it's prompting you for -- is that sudo
asking for the password of some AFS user, or su asking you for the root
password? If you're not authenticating to AFS, then get rid of pam_afs,
and your PAG problems will go away.
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]