[OpenAFS] Token loss after su on linux 2.6
Bob Hoffman
hoffman@cs.pitt.edu
Wed, 16 Aug 2006 15:05:17 -0400
Derrick,
Groups says:
arsenic:1 % groups
wheel id: cannot find name for group ID 34382
34382 id: cannot find name for group ID 40752
40752 root root bin sys tty mem mail news floppy utmp colorps okadmin
mailman gradapp gradappcs
arsenic:2 % su
Password:
Setting erase to ^?
arsenic:1 # groups
root id: cannot find name for group ID 34382
34382 id: cannot find name for group ID 40752
40752 bin daemon sys adm disk mem wheel colorps okadmin gradapp gradappcs
arsenic:2 # exit
arsenic:3 % groups
wheel id: cannot find name for group ID 34382
34382 id: cannot find name for group ID 40752
40752 root root bin sys tty mem mail news floppy utmp colorps okadmin
mailman gradapp gradappcs
Russ,
That was it. I'm using the pam_afs.so module that came in
openafs-client-1.4.1-rhel4.2.i386.rpm.
In my /etc/pam.d/system_auth file, I had a "session" entry that called
pam_afs.so. Commenting
that out allows the token to remain. Now all I have to do is figure out
what I broke by doing so.
BTW, we're not running Kerberos 5 yet. We still have the old AFS kaserver.
Many thanks to all who responded.
---Bob.