[OpenAFS] gdm + openafs-session management

klaas hagemann klaas@northsailor.de
Fri, 27 Sep 2002 11:48:46 +0200


Hi again,

Using xdm helps.
It seems as if the gdm login manager has trouble with logging out from afs
and doing something else.
It always hangs with the message: gdm_slave_semd: cannot open fifo!
Klaas
----- Original Message -----
From: "Klaas Hagemann" <kerberos@northsailor.de>
To: <openafs-info@openafs.org>
Sent: Thursday, September 26, 2002 6:21 PM
Subject: [OpenAFS] gdm + openafs-session management


> Hi to all,
>
> I still have many problems in getting the gdm login manager working with
> pam_openafs-krb5 the right way.
> Logging in is no problem; only logging out causes many problems.
>
> Here is my /etc/pam.d/gdm on Suse Linux 8.0:
> #%PAM-1.0
> auth       required     /lib/security/pam_nologin.so
> auth       sufficient   /lib/security/pam_unix_auth.so try_first_pass
> auth       required     /lib/security/pam_krb5.so use_first_pass
> account    sufficient   /lib/security/pam_unix_acct.so
> account    required     /lib/security/pam_ldap.so
> password   required     /lib/security/pam_cracklib.so
> password   sufficient   /lib/security/pam_ldap.so
> password   required     /lib/security/pam_pwdb.so use_first_pass
> session    required     /lib/security/pam_unix_session.so
> session    optional     /lib/security/pam_krb5.so
> session    optional     /lib/security/pam_openafs-krb5.so debug
>
> pam_openafs-krb5 returns PAM_SUCCESS, but it seems to cause errors in the
> pam_krb5.
> Therefore logout hangs after finishing the pam_openafs-krb5.
>
> When I create a local home directory the problem occurs as well, so it does
> not hang because of not being able to write something in the home directory.
>
> When I modify the pam_openafs-krb5 in such a way that it only returns
> PAM_SUCCESS and does nothing, I can log out with no problems.
> But then I cannot log back in again, because the still existent afs-token
> does not match the kerberos ticket, as far as I can see it. However, the
> system uses 99% of the resources to "convert kerberos tickets" and does not
> want to end.
>
> I tried to use aklog and unlog in the Presession and Postsession scripts,
> but authentication to afs is too late at this point.
>
> Thanks for any comments, I will try them all.
>
> Klaas