[OpenAFS] uw-imap & tokens

[David Howells]

Miles Davis <miles@CS.Stanford.EDU> wrote:

> Let me step back too, in case I'm on the wrong path. My symptom is 
> that tokens are disappearing out from under users after a few minutes 
> in a session. They're not expiring. Running "keyctl show" after ssh 
> login shows that my keying is uid 0, but I don't know why. 

Can you run "keyctl show" immediately after you log in?

> Session Keyring
>        -3 --alswrv      0     0  keyring: _uid_ses.0
>         2 --alswrv      0     0   \_ keyring: _uid.0
>  29391168 ----s--v      0     0   \_ afs_pag: _pag

Can you try "grep -r keyinit /etc/pam.d/"?  Do you see pam_keyinit.so
appearing?

How's the afs_pag key getting allocated?  Is it by a PAM module?

> Something does show up under my uid in /proc/key-users:
> 
>  9766:     2 2/2 2/100 60/10000

That'll be the uid-specific (_uid.9766) and uid-specific-session
(_uid_ses.9766) keyrings.  If you do "cat /proc/keys" you should see them.

David