[OpenAFS] Token expire quickly in cache manager when using UID and not PAG

Todd DeSantis atd@us.ibm.com
Thu, 3 Apr 2003 15:43:47 -0500




Hi Josh:

You don't say which system type your clients are, but the
problem could be related to the AFS client garbage collecting
AFS afs_user structures in the kernel.  This daemon generally
runs every 10 to 15 minutes so that may explain why the tokens
last for a short time.

The daemon runs through the afs_user structures and looks for
processes associated with the PAG/UID and if it does not find
a process for this afs_user structure, it gets rid of the token.

I'm not sure if OpenAFS has the gcpags binary, but this can
be used to toggle the client between
      YES - PAG garbage collect
      NO  - Don't garbage collect

You would need to run this command as root on the client
machine.  The gcpags binary is located in src/venus.

You could also debug the problem by using the kdump tool

 - get your tokens
 - run "kdump -users" > some_save_file_1
 - locate the afs_user structure associated with your UID
 - when your token vanishes, get another "kdump -users"
   and see if your entry disappeared too.  At first, it
   just might clear your token time, but leave your afs_users
   structure.

You can also try running

# kdump -gcpags

and it can give the state of PAG Garbage collection.

afs_gcpags=1 means the machine IS garbage collecting
any other value means that it is off.

I am not sure if OpenAFS has the version of gcpags that toggles
between ON and OFF.

This may be your problem.

Thanks

Todd



                                                                                                                                 
Josh Steinhurst <jsteinhu@zoo.uvm.edu>
Sent by: openafs-info-admin@openafs.org
03/28/2003 08:33 PM

To: openafs-info@openafs.org
cc:
Subject: [OpenAFS] Token expire quickly in cache manager when using UID and not PAG




We are trying to make use of the cache manager's ability to fall back on
using UIDs to associate processes with tokens instead of using a PAG.
[See end of message for why.] It seems to work as I expected, for
awhile. Consider the following order of operations.

1] SSH from machine A to machine B using public/private key - no
forwarded AFS token.
2] Execute 'klog' (with no parameters) and get a token
3] Leaving this connection in the background, SSH in a second window
from machine A to machine B
4] Executing 'tokens' on the second SSH connection shows that it has
access to the first token.
5] Wait 1-15 minutes
6] The token for both sessions is deleted by the cache manager.
Executing 'tokens' in either window shows an empty token list.

I have two questions I guess:
1] Should this work? I have read the AFS documentation and it seems like
it should. Should the tokens be disappearing like this? Any setting to
be tweaked?

2] Do you have a better idea for the following problem?

The problem trying to be solved:
Secure remote access to a CVS repository stored in AFS. The clients
cannot pass a token over SSH. [I can't find a Windows SSH executable able
to pass an IBM/OpenAFS token] Don't want to type password every single
transaction, opening an extra window once per day is acceptable.

Thanks for your help, let me know if you need more details about something.
Josh

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
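
The kdump comparison described in the reply above can be scripted so the "after" snapshot is taken as soon as the token vanishes. This is an added example, not part of the original messages or of OpenAFS; the function names, the snapshot directory layout, and the assumed shape of the `tokens` output line are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root on the AFS client.
# Assumes `tokens` and `kdump` are on PATH.

# Count unexpired tokens in `tokens` output read on stdin.
# Assumed line shape: User's (AFS ID n) tokens for afs@cell [Expires ...]
count_tokens() {
    grep -c 'tokens for afs@.*\[Expires ' || true
}

# Save the two kdump views named in the thread under $1, tagged $2.
snapshot() {
    kdump -users  > "$1/users.$2"  2>&1 || true
    kdump -gcpags > "$1/gcpags.$2" 2>&1 || true
}

# Usage: watch_tokens DIR [POLL_SECONDS]
# Snapshots while the token is held, polls until it is gone, snapshots
# again, then reports the elapsed time and what changed in kdump -users.
watch_tokens() {
    dir=$1
    interval=${2:-30}
    mkdir -p "$dir" || return 1
    if [ "$(tokens | count_tokens)" -eq 0 ]; then
        echo "no token held; run klog first" >&2
        return 1
    fi
    snapshot "$dir" before
    start=$(date +%s)
    while [ "$(tokens | count_tokens)" -gt 0 ]; do
        sleep "$interval"
    done
    snapshot "$dir" after
    echo "token gone after $(( $(date +%s) - start )) seconds"
    echo "afs_gcpags state: $(cat "$dir/gcpags.after")"
    diff "$dir/users.before" "$dir/users.after" || true
}
```

An elapsed time near the 10 to 15 minute daemon interval, well before the expiry printed by `tokens`, together with a changed or missing entry for your UID in the diff, is consistent with the garbage-collection explanation given in the reply.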