[OpenAFS] Solaris 10 (x86): pam_afs_session

Russ Allbery rra@stanford.edu
Fri, 22 Feb 2008 13:25:36 -0800


John Tang Boyland <boyland@cs.uwm.edu> writes:

> Now, I notice in the debug log that pam_afs_session gets run twice and
> the second time decides it has already run and doesn't do anything.
> This may be because on recommendation, I had added pam_afs_session to
> the session stack:
>
> other   session required        pam_unix_session.so.1
> other   session required        pam_afs_session.so always_aklog
>
> OK. So I remove the pam_afs_session line from the session stack.
> ....
> Eureka!  It works now.
>
> I guess, when I applied the recommended fixes, one of them (perhaps
> misunderstood by me) caused a problem that ended up having the same
> symptoms as the original problem, so I assumed the fixes were useless.
> (It may also be that in pam_afs_session 1.5 it no longer gives up if it
> has already run. I'm still using pam_afs_session 1.4)

That behavior is still the same.  pam_afs_session doesn't set the note
that it had already run unless your aklog program exits successfully.  So,
the next question is why aklog is exiting successfully even though it
didn't get tokens.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>