[OpenAFS] Solaris 10 (x86): pam_afs_session

Douglas E. Engert deengert@anl.gov
Fri, 22 Feb 2008 16:37:14 -0600


Russ Allbery wrote:
> John Tang Boyland <boyland@cs.uwm.edu> writes:
> 
>> Now, I notice in the debug log that pam_afs_session gets run twice and
>> the second time decides it has already run and doesn't do anything.
>> This may be because on recommendation, I had added pam_afs_session to
>> the session stack:
>>
>> other   session required        pam_unix_session.so.1
>> other   session required        pam_afs_session.so always_aklog
>>
>> OK. So I remove the pam_afs_session line from the session stack.
>> ....
>> Eureka!  It works now.
>>
>> I guess, when I applied the recommended fixes, one of them (perhaps
>> misunderstood by me) caused a problem that ended up having the same
>> symptoms as the original problem, so I assumed the fixes were useless.
>> (It may also be that in pam_afs_session 1.5 it no longer gives up if it
>> has already run. I'm still using pam_afs_session 1.4)
> 
> That behavior is still the same.  pam_afs_session doesn't set the note
> that it had already run unless your aklog program exits successfully.  So,
> the next question is why aklog is exiting successfully even though it
> didn't get tokens.

Looks like it always returns 0!
OpenAFS 1.4.6 src/aklog/aklog.c has:

  int
  main(int argc, char *argv[])
  {
      aklog(argc, argv);
      exit(0);
  }



> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444