[OpenAFS] afs throws tokens away (linux)

Friedrich Delgado Friedrichs 6delgado@informatik.uni-hamburg.de
Fri, 2 Aug 2002 13:41:13 +0200


--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hiho!

Since last week i run openafs with kerberos 5 in a setup of 3 linux
workstations at work.

On all of the three machines the afs token occasionally is lost. This
happens quite often after login and/or if there's quite a lot of network
traffic (e.g. while running a ftp mirror to the afs space). The kerberos Ti=
cket
is still present, so typing "aklog" in a shell is sufficient to get an
afs token immediately.

Still this is a little annoying. Not so much for me, since i don't mind
typing "aklog" from time to time, but more for the two users who are
already testing (and trying to work with) the system.

All of the three machines are running SuSE 8.0 with an off the shelf
2.4.18-SuSE kernel (with all of the curious patches that they include).

I built an openafs-1.2.5 rpm myself (after the example of someone from
tu-chemnitz.de), mit kerberos 5 and we're using redhat's krb5 pam-module
and debian's openafs pam-module to authenticate. The afs token is always
present after login, however the pam-modules don't seem to generate a
pag. It seems the pag is not needed for using my files. What am i
missing here?

The hardware is quite different on the three machines.

Currently the setup is running in a preliminary setup, which also means that
the machines are connected via a cheesy 10 Mbit hub. We're going to
utilize a decent 100Mbit switch later.

I can't find no indication of the token being dropped in any of the
server logs. The system logs show nothing at all, as far as i can see
(maybe i'm looking for the wrong patterns).

There are two database servers, one of which i use as the system control
machine. All three machines are running the afs fileserver and are
serving different volumes.

All RO volumes are replicated on two servers.

Has anyone experienced something similar?

Kind regards
	Friedel
--=20
	Friedrich Delgado Friedrichs <friedel@nomaden.org>
Laziness led to the invention of the most useful tools.

--XsQoSWH+UP9D9v3l
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iEYEARECAAYFAj1Kb9kACgkQCTmCEtF2zEA+owCfYGo9yNf8LnR340/RcUZZdz0V
JIAAoMmlxoHzDmLZG/RIjAaeRzgKsnCP
=XicX
-----END PGP SIGNATURE-----

--XsQoSWH+UP9D9v3l--