[OpenAFS] openafs + gdm + home directory

Jason Edgecombe jedgecombe@carolina.rr.com
Wed, 18 Sep 2002 13:37:57 -0400 

hi,

   Thank you for the insight, but I forgot to mention that I am not 
using the pam_afs module. I am using the pam_krb5afs module that come 
with redhat. Our site just migrated to krb5 and the kdc will be turned 
off by the end of the month.

Jason

Rubino Geiß wrote:
>>I seem to be having a problem with gnome gconf in Redhat 7.3.
>>
>>upon logout, I get "afs failed to store file" on the console and upon 
>>logging back in and running nautilus, it says that gconf 
>>failed to load.
>>
>>I have partially tracked it down to a lockfile that is not 
>>removed from 
>>~/.gconfd/lock. If I remove that directory, gconfd doesn't complain.
>>
>>I temporarily worked around this by doing fs sa ~/.gconfd 
>>system:anyuser 
>>write. I know this is BAD, but I don't have another option at 
>>this time.
>>
>>Does anyone have some insight?
> 
> 
> All this can be easily avoided by: (source
> http://www.openafs.org/pages/doc/QuickStartUnix/auqbg007.htm)
> 
> no_unlog 
> Normally the tokens are deleted (in memory) after the session ends.
> Using this options the tokens are left untouched. This behaviour has
> been the default in pam_afs until openafs-1.1.1! 
> 
> remainlifetime sec 
> The tokens are kept active for sec seconds before they are deleted. X
> display managers i.e. are used to inform the applications started in the
> X session before the logout and then end themselves. If the token was
> deleted immediately the applications would have no chance to write back
> their settings to i.e. the user's AFS home space. This option may help
> to avoid the problem.
> 
> (/etc/pam.d/xdm) 
>    auth       required     /lib/security/pam_nologin.so
>    auth       required     /lib/security/pam_login_access.so
>    auth       sufficient   /lib/security/pam_afs.so ignore_uid 100
> use_klog
>    auth       required     /lib/security/pam_pwdb.so try_first_pass
>    account    required     /lib/security/pam_pwdb.so
>    password   required     /lib/security/pam_cracklib.so
>    password   required     /lib/security/pam_pwdb.so shadow nullok
> use_authtok
>    session    optional     /lib/security/pam_afs.so remainlifetime 10
>    #                                                ^^^^^^^^^^^^^^^^^
>    #Wait 10 seconds before deleting the AFS tokens in order to give
>    #the programs of the X session some time to save their settings
>    #to AFS.
>    session    required     /lib/security/pam_pwdb.so
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>