[OpenAFS] Solaris 10 (x86): pam_afs_session
Douglas E. Engert
deengert@anl.gov
Fri, 22 Feb 2008 16:37:14 -0600
Russ Allbery wrote:
> John Tang Boyland <boyland@cs.uwm.edu> writes:
>
>> Now, I notice in the debug log that pam_afs_session gets run twice and
>> the second time decides it has already run and doesn't do anything.
>> This may be because on recommendation, I had added pam_afs_session to
>> the session stack:
>>
>> other session required pam_unix_session.so.1
>> other session required pam_afs_session.so always_aklog
>>
>> OK. So I remove the pam_afs_session line from the session stack.
>> ....
>> Eureka! It works now.
>>
>> I guess, when I applied the recommended fixes, one of them (perhaps
>> misunderstood by me) caused a problem that ended up having the same
>> symptoms as the original problem, so I assumed the fixes were useless.
>> (It may also be that in pam_afs_session 1.5 it no longer gives up if it
>> has already run. I'm still using pam_afs_session 1.4)
>
> That behavior is still the same. pam_afs_session doesn't set the note
> that it had already run unless your aklog program exits successfully. So,
> the next question is why aklog is exiting successfully even though it
> didn't get tokens.
Looks like it always returns 0!
OpenAFS 1.4.6 src/aklog/aklog.c has:
int
main(int argc, char *argv[])
{
aklog(argc, argv);
exit(0);
}
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444