[OpenAFS] OpenAFS on FC6 (OpenAFS, LDAP, SSH, gdm afs tokens etc etc...)

Russ Allbery rra@stanford.edu
Wed, 05 Sep 2007 14:33:39 -0700


Simon Wilkinson <sxw@inf.ed.ac.uk> writes:

> The keyring related thing you're seeing is related to AFS PAGs. In
> recent Linux kernels it hasn't been possible to maintain PAGs via the
> previous group based system. So, a new mechanism using keyrings was
> deployed. The keyring is set up by the AFS PAM module (ultimately, by
> using the same AFS kernel module interface as created the group based
> PAG). If, subsequent to that, you run a PAM module that resets the
> keyring, then you can expect to lose the tokens.

If you're using the pam-afs-session module, just running it after the
keyring module in the session stack would probably fix this problem, since
then it would create the keyring after pam_keyring resets it.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>