[OpenAFS] OpenAFS on FC6 (OpenAFS, LDAP, SSH, gdm afs tokens etc etc...)
Simon Wilkinson
sxw@inf.ed.ac.uk
Wed, 5 Sep 2007 22:09:31 +0100
On 5 Sep 2007, at 21:31, Ron Croonenberg wrote:
> I wonder if that force parameter doesn't do the same thing with
kerberos tickets)
This won't affect Kerberos tickets at all - these will be held in a
file based credentials cache, whose location is pointed to by an
environmental variable.
The keyring related thing you're seeing is related to AFS PAGs. In
recent Linux kernels it hasn't been possible to maintain PAGs via the
previous group based system. So, a new mechanism using keyrings was
deployed. The keyring is set up by the AFS PAM module (ultimately, by
using the same AFS kernel module interface as created the group based
PAG). If, subsequent to that, you run a PAM module that resets the
keyring, then you can expect to lose the tokens.
Cheers,
Simon.