[OpenAFS] OpenAFS on FC6 (OpenAFS, LDAP, SSH, gdm afs tokens etc etc...)

Ron Croonenberg ronc@depauw.edu
Wed, 05 Sep 2007 16:31:50 -0400 

Ok,   I did receive a few msgs from people that had issues with AFS 
tokens after login with SSH and gdm(remote) too.

Here is what I figured out.

Some of the pam "config" files in /etc/pam.d  contain lines like:

session        optional     pam_keyinit.so force revoke

 From what I found is that the force parameter causes the afs token to 
disappear (soon)after login. (I read somewhere that it is exactly what 
the "force" parameter is supposed to do.)

Anyway, simply changing:

session        optional     pam_keyinit.so force revoke     to: 
      session        optional     pam_keyinit.so revoke

makes the OpenAFS client work again (at least for me it does) for those 
of us that can't move to kerberos yet and are "stuck" with the "klog 
thing". (Also a newer kernel than 2798 on FC6 helps too, also with some 
other issues. I wonder if that force parameter doesn't do the same thing 
with kerberos tickets)

Anyway, I don't know if it is all that elegant etc..  but this makes it 
work for me for now.


Ron




Simon Wilkinson wrote:
> 
> On 5 Sep 2007, at 17:53, Ron Croonenberg wrote:
> 
>> Is that just a typo ?  or am I trying to build the 1.4.3 rpms ?
> 
> No - that's correct. 1.4.4 was made with a patch from the 1.4.3 tarball 
> (it was a security release)
> 
>> building the rpms breaks btw:
>>
>> /usr/src/redhat/BUILD/openafs-1.4.3/src/libafs/MODLOAD-2.6.22.4-45.fc6-SP/rx_kmutex.c:125: 
>> error: 'struct task_struct' has no member named 'thread_info'
> 
> You need some additional patches. There should be a -3 release SRPM on 
> the openafs.org website which contains them, and which has been used to 
> build the recent FC6 kernel RPMS - there should also be RPMs available 
> for the -45 kernel shortly.
> 
> Cheers,
> 
> Simon.
> 

-- 
=================================================================
  It's is not, it isn't ain't, and it's it's, not its, if you mean
  it is. If you don't, it's its. Then too, it's hers. It isn't
  her's. It isn't our's either. It's ours, and likewise yours and
  theirs.
                                               -- Oxford Uni Press
=================================================================
  Ron Croonenberg                   |
                                    | Phone: 1 765 658 4761
  Lab Instructor &                  | Fax:   1 765 658 4732
          Technology Coordinator    |
                                    |
  Department of Computer Science    | e-mail: ronc@DePauw.edu
  DePauw University                 |
  275 Julian Science & Math Center  |
  602 South College Ave.            |
  Greencastle, IN  46135            |
=================================================================
  http://www.csc.depauw.edu/RonCroonenberg.html
=================================================================