[OpenAFS] openafs + gdm + home directory

Daniel Swärd excds@kth.se
18 Sep 2002 16:33:34 +0200 

Setting the "CLOSE_SESSION" option in /etc/login.defs to "yes" ?

	/Daniel

On Wed, 2002-09-18 at 16:07, Klaas Hagemann wrote:
> Hi,
> 
> i think there are 2 seperated possibilities which may occure:
> 
> 1. the token is destroyed before all the files are written in the
> home-direktory
> 
> 2. the display- or loginmanager (i am not very familiar with these things
> yet) writes these files as its own user or even as root.
> 
> I have no idea, which one of these failures occours, or even both.
> Anybody any idea?
> 
> Klaas
> ----- Original Message -----
> From: "Rubino Geiß" <kb44@rz.uni-karlsruhe.de>
> To: "'Jason Edgecombe'" <jedgecombe@carolina.rr.com>;
> <openafs-info@openafs.org>
> Sent: Tuesday, September 17, 2002 7:22 PM
> Subject: RE: [OpenAFS] openafs + gdm + home directory
> 
> 
> > > I seem to be having a problem with gnome gconf in Redhat 7.3.
> > >
> > > upon logout, I get "afs failed to store file" on the console and upon
> > > logging back in and running nautilus, it says that gconf
> > > failed to load.
> > >
> > > I have partially tracked it down to a lockfile that is not
> > > removed from
> > > ~/.gconfd/lock. If I remove that directory, gconfd doesn't complain.
> > >
> > > I temporarily worked around this by doing fs sa ~/.gconfd
> > > system:anyuser
> > > write. I know this is BAD, but I don't have another option at
> > > this time.
> > >
> > > Does anyone have some insight?
> >
> > All this can be easily avoided by: (source
> > http://www.openafs.org/pages/doc/QuickStartUnix/auqbg007.htm)
> >
> > no_unlog
> > Normally the tokens are deleted (in memory) after the session ends.
> > Using this options the tokens are left untouched. This behaviour has
> > been the default in pam_afs until openafs-1.1.1!
> >
> > remainlifetime sec
> > The tokens are kept active for sec seconds before they are deleted. X
> > display managers i.e. are used to inform the applications started in th=
e
> > X session before the logout and then end themselves. If the token was
> > deleted immediately the applications would have no chance to write back
> > their settings to i.e. the user's AFS home space. This option may help
> > to avoid the problem.
> >
> > (/etc/pam.d/xdm)
> >    auth       required     /lib/security/pam_nologin.so
> >    auth       required     /lib/security/pam_login_access.so
> >    auth       sufficient   /lib/security/pam_afs.so ignore_uid 100
> > use_klog
> >    auth       required     /lib/security/pam_pwdb.so try_first_pass
> >    account    required     /lib/security/pam_pwdb.so
> >    password   required     /lib/security/pam_cracklib.so
> >    password   required     /lib/security/pam_pwdb.so shadow nullok
> > use_authtok
> >    session    optional     /lib/security/pam_afs.so remainlifetime 10
> >    #                                                ^^^^^^^^^^^^^^^^^
> >    #Wait 10 seconds before deleting the AFS tokens in order to give
> >    #the programs of the X session some time to save their settings
> >    #to AFS.
> >    session    required     /lib/security/pam_pwdb.so
> >
> > _______________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info