[OpenAFS] loging into afs: ssh vs gdm

Douglas E. Engert deengert@anl.gov
Mon, 31 Oct 2005 14:00:59 -0600 

What is:
Oct 31 14:07:33 oort kernel: reop_import_path: no such path:
  /afs/csc.depauw.edu/home/jeepdude

So it looks like it is still trying to lookin AFS, even though
you said it was a local account.



Ron Croonenberg wrote:

> Hi Douglas,
> 
> 
>>Sounds like gdm and X11 are trying to access your home directory
>>before having a token.
> 
> 
> hmmm..  I see what you mean  one thing though on other machines
> (afs-clients) I don't seem to have that problem.
> 
> 
>>If your pam_krb5 has a force_cred and/or force_token option, you >may
> 
> want to use it to get the tickets and token early during the auth,
> 
>>rather then session or store creds parts of PAM.
> 
> 
> ok..   but I don't use pam_krb5 in pam.
> 
> 
>>As a test, change the acls on the home directory to allow access
>>without a token from the test machine.
> 
> 
> that's an idea, let me check that RIGHT now...
> 
> (tried a junk account) same things happens...but look at this:
> 
> 
> Oct 31 14:06:43 oort gdm(pam_unix)[67778]: session opened for user
> jeepdude by (uid=0)
> Oct 31 14:06:43 oort gdm[67778]: gdm_slave_session_start: /home/jeepdude
> is writable by group.
> Oct 31 14:06:43 oort gdm[67778]: gdm_auth_user_add: /home/jeepdude is
> writable by group.
> Oct 31 14:06:43 oort gdm[67778]: gdm_auth_user_add: Could not open
> cookie file /tmp/.gdm9W5qvG
> Oct 31 14:06:43 oort gdm[67778]: Tried wiping some old user session
> errors files to make disk space and will try adding user auth files
> again
> Oct 31 14:06:43 oort gdm[67778]: gdm_auth_user_add: /home/jeepdude is
> writable by group.
> Oct 31 14:06:43 oort gdm[67778]: gdm_auth_user_add: Could not open
> cookie file /tmp/.gdm5jAtPM
> Oct 31 14:06:53 oort gdm(pam_unix)[67778]: session closed for user
> jeepdude
> Oct 31 14:07:33 oort kernel: reop_import_path: no such path:
> /afs/csc.depauw.edu/home/jeepdude
> 
> 
> 
>>and...  on this machine a gdm login with root  works.
>>The root home is not in AFS, so you don't need the token early.
> 
> 
> I know, but gdm works with "local" accounts..  I meant to say it is not
> the case that gdm doesn't work at all.

Thats what I meant too, it worked on a local acocunt, but not if the
home was in AFS. So what is  /afs/csc.depauw.edu/home/jeepdude?


>  
> thanks,
> 
> Ron
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444