[OpenAFS] PAGs in Ubuntu Karmic

Douglas E. Engert deengert@anl.gov
Thu, 05 Nov 2009 09:22:51 -0600 

Frank Burkhardt wrote:
> Hi Everyone,
> 
> are there any recent changes in the linux kernel or in openafs which prevent
> PAGs from working?
> For a long time I was making heavy use of PAGS using self built vanilla
> kernels in various debian releases.
> 
> However, last Sunday I got a new laptop and decided to give the new Ubuntu
> release (Karmic) a shot. I decided to use the use the official ubuntu kernel
> and built openafs modules the suggested way (module-assistant).
> 
> Everything works fine - except of PAGs. Does anyone know, why they're not
> working anymore or even how to enable them?

I upgradted to Karmic yesterday, and only after your message and responses
from Russ and Simon did I start looking at the the pags.

ssh had no problems with pags.

With gdm, the pam_gnome_keyring.so is run after "@include common-auth"
and after "@include common-session" both of which pam_afs_session.
(I had added it to the common-auth)

I moved the "auth optional pam_afs_session.so"  from common-auth to gdm,
and gnome-screensaver:

gdm:
  #%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth    optional        pam_gnome_keyring.so
auth optional pam_afs_session.so minimum_uid=100
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required        pam_limits.so
session optional        pam_gnome_keyring.so auto_start
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password

gnome-screensaver:
@include common-auth
auth optional pam_gnome_keyring.so
auth optional pam_afs_session.so minimum_uid=100


The above appears to work as before, with su and sudo keeping the PAG.


> 
> Some information about the system:
>    * Ubuntu Karmic (9.10)
>    * Kernel 2.6.31-14-generic (most likely containing lots of ubuntu
>      specific patches)
>    * Openafs client 1.4.11
>    * MIT Kerberos 5
> 
> Thank you for any help.
> 
> Regards,
> 
> Frank
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444