[OpenAFS] Solaris 10 11/06 afs 1.4.2 pam module panic.

Marcus Watts mdw@umich.edu
Mon, 18 Dec 2006 20:42:24 -0500

Some more interesting experiments.
How about:
	pagsh		setpag
	klog		get k4 tickets via ka, settoken
This should be a close duplicate of what pam_afs does.
	pagsh		setpag
	kinit		get k5 tickets
	aklog		settoken
This isn't quite as close to what pam_afs does, and
it gets k5 tickets which might behave in interesting
different ways.

Or this:
	klog -setpag
This is particularly tricky; it should cause the equivalent
to "pagsh" to happen in the parent.  I suppose at any point
I'm suspicious of setpag, if only because you don't mention
it and I can't think what else might be different between
just klog and what pam does.

These two parameters may alter pam operation in interesting ways:
"use_klog" causes pam to invoke klog instead of calling
this "shouldn't" make a difference, but maybe it does.

"refresh_token" causes pam to not do setpag.  This is the
moral equivalent of omitting "pagsh" or "-setpag" from the
above experiments.

It would be interesting to figure out how to run "truss"
on your errant su / pam interaction, but I'm not sure that
the interesting part at the very end will get printed
before the system panics.

The callback traces that you posted change; I'm guessing
most of that isn't relevant to the actual panic.  I'm not
positive that this is so.  If you've got some way to attach
a kernel debugger once it crashes, there is definitely
more to be learned.

				-Marcus Watts