[OpenAFS] loging into afs: ssh vs gdm

Douglas E. Engert deengert@anl.gov
Mon, 31 Oct 2005 12:56:53 -0600

Ron Croonenberg wrote:
> Hi Frank,
>>Just a guess: Maybe you should have a look @ the last lines of
>>~cowboy/.xession-errors . I once had a problem that looked like
>>yours. I blamed AFS/Kerberos/NSA but is was just a syntax error in
>>/etc/X11/XSession.d/somefile which prevented the session itself from

Sounds like gdm and X11 are trying to access your home directory
before having a token.

If your pam_krb5 has a force_cred and/or force_token option, you may
want to use it to get the tickets and token early during the auth,
rather then session or store creds parts of PAM.

As a test, change the acls on the home directory to allow access
without a token from the test machine.

> hmm..   I don't seem to have .xsession-errors.
> Another thing.  ~cowboy is on afs.  and I can start gdm sessions from
> other machines with an afs client.
> and...  on this machine a gdm login with root  works.

The root home is not in AFS, so you don't need the token early.
> thanks,
> Ron
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info


  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444