[OpenAFS] openafs + gdm + home directory
Rubino Geiß
kb44@rz.uni-karlsruhe.de
Tue, 17 Sep 2002 19:22:24 +0200
> I seem to be having a problem with gnome gconf in Redhat 7.3.
>
> upon logout, I get "afs failed to store file" on the console and upon
> logging back in and running nautilus, it says that gconf
> failed to load.
>
> I have partially tracked it down to a lockfile that is not
> removed from
> ~/.gconfd/lock. If I remove that directory, gconfd doesn't complain.
>
> I temporarily worked around this by doing fs sa ~/.gconfd
> system:anyuser
> write. I know this is BAD, but I don't have another option at
> this time.
>
> Does anyone have some insight?
All this can be easily avoided by: (source
http://www.openafs.org/pages/doc/QuickStartUnix/auqbg007.htm)
no_unlog
Normally the tokens are deleted (in memory) after the session ends.
Using this options the tokens are left untouched. This behaviour has
been the default in pam_afs until openafs-1.1.1!
remainlifetime sec
The tokens are kept active for sec seconds before they are deleted. X
display managers i.e. are used to inform the applications started in the
X session before the logout and then end themselves. If the token was
deleted immediately the applications would have no chance to write back
their settings to i.e. the user's AFS home space. This option may help
to avoid the problem.
(/etc/pam.d/xdm)
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_login_access.so
auth sufficient /lib/security/pam_afs.so ignore_uid 100
use_klog
auth required /lib/security/pam_pwdb.so try_first_pass
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok
use_authtok
session optional /lib/security/pam_afs.so remainlifetime 10
# ^^^^^^^^^^^^^^^^^
#Wait 10 seconds before deleting the AFS tokens in order to give
#the programs of the X session some time to save their settings
#to AFS.
session required /lib/security/pam_pwdb.so