[OpenAFS] PAGs in Ubuntu Karmic
Simon Wilkinson
sxw@inf.ed.ac.uk
Thu, 5 Nov 2009 08:12:35 +0000
On 5 Nov 2009, at 06:20, Russ Allbery wrote:
>
> I suspect that what you're seeing is that AFS uses keyrings with
> current
> kernels instead of GID-based PAGs to accomplish the same purposes.
> The
> AFS part works the way it always has, but the supplemental groups
> may not
> show up as GIDs.
Currently, we always push the supplemental groups in the users
additional group list - so even when keyring based PAGs are in use,
you should see the additional entries.
> But it's hard to be sure without more details on what you mean by "not
> working any more."
Indeed. One option (and this is a shot in the dark) is that it's a PAM
issue. If Ubuntu have started using pam_keyinit, then it's vital that
this is run before any AFS PAM module. Otherwise, pam_keyinit will
happily replace AFS's keyring with its own.
Cheers,
Simon.