[OpenAFS] token and linux "access key retention"?

Harald Barth haba@kth.se
Wed, 27 May 2009 15:39:02 +0200 (CEST)

>       When I log in I get Kerberos TGT and an AFS ticket, but no token
>       (should be provided by pam). Aklog works, afterward I get tokens in all
>       other SSH sessions. "unlog" in on session destroys all ather tokens.

Looks like you have started sshd in a pag and you don't "get out". Try starting
without pag. I have the following in my /etc/init.d/sshd

-       echo -n $"Starting $prog: "
-       $SSHD $OPTIONS && success || failure
+       if keyctl show | egrep '_uid_ses.0$' > /dev/null ; then
+           echo -n $"Starting $prog: "
+           $SSHD $OPTIONS && success || failure
+       else
+           echo -n Refusing to start outside UID pag:
+           false || failure

>       On other computers of the same kind everything works as expected. 

Probably started sshd at boot and not from a logged in session.

What about:

/etc/init.d/sshd stop
## Let it die

## Use at (assumes atd is outside pag) to start sshd
at now /etc/init.d/sshd start