[OpenAFS] Starting xinetd without AFS

Madhusudan Singh chhabra@eecs.umich.edu
Sat, 01 Jun 2002 16:56:31 +0000


Hi

    I found a workaround without using the dynroot option. I used quickswitch
to switch between my pam.d/login files for the two profiles.

Derek Atkins wrote:

> Before I answer your specific questions, I should point out that
> the benefit you get from dynroot is SOLELY that /afs is created
> dynamically instead of using the root.afs volume.  In my mind, the
> real benefit is that you can _start_ AFS at any time, regardless of
> your network condition.  The rest of AFS, and how it works, is not
> affected by -dynroot.
>

Ok.


>
> Having said that....
>
> Madhusudan Singh <chhabra@eecs.umich.edu> writes:
>
> > So what happens if I am :
> >
> > 1. Online ?
>
> Everything works normally.  You probably would never notice the
> difference.
>
> > 2. Connected on a home network and can access the net indirectly (through
> > DHCP and IP Masq) ?
>
> Provided that your IP Masq UDP Timeouts are large enough, this should
> work fine, too.  Just make sure your UDP timeouts are on the order of
> 20 minutes or so, to make sure that you don't lose AFS Callbacks.
>

Is there a way for AFS to use this route to locate the AFS server? I expect
not, as the reverse process to IP Masq would not work.


> > The issue now is that I get a truckload of rx: cannot connect type
> > errors. (My home directory exists on the laptop and I had assigned a
> > non-AFS password to it (there is an entry in /etc/passwd) ).
>
> I suspect this is from pam_afs.so.  What I would recommend, in your
> case, is to ignore PAM completely and use klog and/or kinit/aklog by
> hand to authenticate to AFS.
>
> > Is there a way in which I can make pam_afs.krb.so to have a timeout
> > so that it proceeds to the next line in /etc/pam.d ?
>
> I have no idea.  Sorry.
>

Well, I managed to find a workaround. Thanks anyways :)

>
> > Thanks.
> >
> > MS
> >
> > PS : You might want to set a Reply To field to
> > openafs-info@openafs.org in your mail client.
>
> Why?  reply-to-all will do the right thing.  Unlike some people I
> don't care if mail is sent to both me and the list -- my mail reader
> will notice the duplicate message ID and only show me the first copy.
>

Actually, I was a member of this list about 7-8 months ago and sent you a few
emails the way you suggest above. You were quite annoyed at my sending you
copies of the emails :)