[OpenAFS] Strange token issues
John Koyle
jkoyle@rfpdepot.com
Mon, 06 Oct 2003 13:53:42 -0600
ssh to machineA as user bob.
kinit/aklog user bob and receive ticket/token.
Open a new window on the client and ssh to machineA as user root.
Running tokens shows Bob's token!
Running unlog in root's terminal removes the token, both for user root
and user bob.
If I then do a kinit/aklog as root, bob can see the new token instead
of his own!
This is a fully patched Red Hat 7.2 system. I have a similar
system/system running the same OpenAFS/Red Hat versions that behaves
correctly.
Any ideas on why this would happen? Stopping afs (umount /afs; rmmod
libafsmodule) and restarting it didn't fix the problem.
I know I can do an aklog -setpag and root will not be able to see the
token; however, this is for a long-running process where cron jobs will
need to execute within AFS space as user bob and I don't want any PAGs
for this user.
Any ideas?
Thanks,
John
bob@client:~$ ssh machineA
Password:
Last login: Mon Oct 6 13:14:17 2003 from x.x.x.x
[bob@machineA bob]$ kinit
Password for bob@DOMAIN.COM:
[bob@machineA bob]$ aklog
[bob@machineA bob]$ tokens
Tokens held by the Cache Manager:
User's (AFS ID 401) tokens for afs@domain.com [Expires Oct 6 23:38]
--End of list--
---------------------------------------------------------
bob@client:~$ ssh -l root machineA
Password:
Last login: Mon Oct 6 11:51:42 2003 from x.x.x.x
[root@machineA root]# tokens
Tokens held by the Cache Manager:
User's (AFS ID 401) tokens for afs@domain.com [Expires Oct 6 23:38]
--End of list--
---------------------------------------------------------
[root@machineA root]# unlog
[root@machineA root]# tokens
Tokens held by the Cache Manager:
--End of list--
---------------------------------------------------------
[bob@machineA bob]$ tokens
Tokens held by the Cache Manager:
--End of list--