[OpenAFS] OpenAFS on FC6 (OpenAFS, LDAP, SSH, gdm afs tokens etc etc...)
Wed, 05 Sep 2007 14:33:39 -0700
Simon Wilkinson <firstname.lastname@example.org> writes:
> The keyring related thing you're seeing is related to AFS PAGs. In
> recent Linux kernels it hasn't been possible to maintain PAGs via the
> previous group based system. So, a new mechanism using keyrings was
> deployed. The keyring is set up by the AFS PAM module (ultimately, by
> using the same AFS kernel module interface as created the group based
> PAG). If, subsequent to that, you run a PAM module that resets the
> keyring, then you can expect to lose the tokens.
If you're using the pam-afs-session module, just running it after the
keyring module in the session stack would probably fix this problem, since
then it would create the keyring after pam_keyring resets it.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>