[OpenAFS] logging into afs: ssh vs gdm

Ron Croonenberg ronc@depauw.edu
Mon, 31 Oct 2005 14:16:04 -0500


Hi Douglas,

>Sounds like gdm and X11 are trying to access your home directory
>before having a token.

Hmmm.. I see what you mean. One thing though: on other machines
(afs-clients) I don't seem to have that problem.

>If your pam_krb5 has a force_cred and/or force_token option, you may
>want to use it to get the tickets and token early during the auth,
>rather than session or store creds parts of PAM.

OK.. but I don't use pam_krb5 in PAM.

>As a test, change the acls on the home directory to allow access
>without a token from the test machine.

that's an idea, let me check that RIGHT now...

(tried a junk account) same thing happens... but look at this:


Oct 31 14:06:43 oort gdm(pam_unix)[67778]: session opened for user jeepdude by (uid=0)
Oct 31 14:06:43 oort gdm[67778]: gdm_slave_session_start: /home/jeepdude is writable by group.
Oct 31 14:06:43 oort gdm[67778]: gdm_auth_user_add: /home/jeepdude is writable by group.
Oct 31 14:06:43 oort gdm[67778]: gdm_auth_user_add: Could not open cookie file /tmp/.gdm9W5qvG
Oct 31 14:06:43 oort gdm[67778]: Tried wiping some old user session errors files to make disk space and will try adding user auth files again
Oct 31 14:06:43 oort gdm[67778]: gdm_auth_user_add: /home/jeepdude is writable by group.
Oct 31 14:06:43 oort gdm[67778]: gdm_auth_user_add: Could not open cookie file /tmp/.gdm5jAtPM
Oct 31 14:06:53 oort gdm(pam_unix)[67778]: session closed for user jeepdude
Oct 31 14:07:33 oort kernel: reop_import_path: no such path: /afs/csc.depauw.edu/home/jeepdude


> and...  on this machine a gdm login with root  works.
>The root home is not in AFS, so you don't need the token early.

I know, but gdm works with "local" accounts..  I meant to say it is not
the case that gdm doesn't work at all.
 
thanks,

Ron