[OpenAFS] OpenAFS on FC6 (OpenAFS, LDAP, SSH, gdm afs tokens etc etc...)

Simon Wilkinson sxw@inf.ed.ac.uk
Wed, 5 Sep 2007 22:09:31 +0100

On 5 Sep 2007, at 21:31, Ron Croonenberg wrote:
 > I wonder if that force parameter doesn't do the same thing with  
kerberos tickets)

This won't affect Kerberos tickets at all - these will be held in a  
file based credentials cache, whose location is pointed to by an  
environmental variable.

The keyring related thing you're seeing is related to AFS PAGs. In  
recent Linux kernels it hasn't been possible to maintain PAGs via the  
previous group based system. So, a new mechanism using keyrings was  
deployed. The keyring is set up by the AFS PAM module (ultimately, by  
using the same AFS kernel module interface as created the group based  
PAG). If, subsequent to that, you run a PAM module that resets the  
keyring, then you can expect to lose the tokens.