[OpenAFS] afs throws tokens away (linux)
Friedrich Delgado Friedrichs
6delgado@informatik.uni-hamburg.de
Sun, 4 Aug 2002 14:38:00 +0200
--ZoaI/ZTpAVc4A5k6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi!
FBO schrieb:
&<
> AFAIK /var/log/auth.log will show any (Pam-)session that is started.
&<
> Cron-Jobs are covered by auth.log, too.
&<
Ok, i recall that the bug happened to me without any other pam-session
being started. I did a "watch tokens" in a shell, listened to mp3s and
edited a file in emacs, and the token disappeared.
Fortunately (for me), since i set up a second dbserver and a slave KDC
at work, the bug did not happen to me anymore. We'll see what the next
week brings. If this happens again, i'll look at the appropriate logs.
Am I correct in assuming that only pam-sessions throw away tokens automatic=
ally
(i.e. other than typing "unlog" manually)? Are there other mechanisms
leading to a token being discarded?
> Do you mean processes doing setuid() ? This should not influence
> other sessions because setuid() doesn't know anything about kerberos
> or afs, only pam does. "su" itself uses pam but AFAIK it's no
> good idea to have kerberos- or afs-modules in its pam-rules.
What if you want to su to an afs user? I don't see why that would be a
bad idea. Anyways, there was no such thing while i was testing, so
this is purely academic.
Kind regards
Friedel
--=20
Friedrich Delgado Friedrichs <friedel@nomaden.org>
Laziness led to the invention of the most useful tools.
--ZoaI/ZTpAVc4A5k6
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iEYEARECAAYFAj1NICcACgkQCTmCEtF2zEANhQCfTT5lZKAnd66PnxFxCIHbzO58
ui4AoLDAIJQigXmAZ5GGY2IVTYzGVBS9
=J5hZ
-----END PGP SIGNATURE-----
--ZoaI/ZTpAVc4A5k6--