[OpenAFS] Need help: Tokens stop working

Daniel Richard G. danielg@teragram.com
Thu, 8 Oct 2009 18:16:09 -0400


> -----Original Message-----
> From: openafs-info-admin@openafs.org [mailto:openafs-
> info-admin@openafs.org] On Behalf Of Douglas E. Engert
>
> Are clocks in sync? (5 minutes of the AFS servers)

Yes. NTP is running and synched on the clients, file server, and DB servers.

> Are you using PAGs?
>
> (id -a should have the PAG number as a large group
> number between 1090519040 and 1107296255)

Yes. We're using pam_afs_session.so to do the setup (and MIT's libnss-afspag 
to quell name-lookup errors).

> Does same use login more then once a the same  time?

Yes. In my case, I have a desktop system on which I'm logged in locally via 
X11, and remotely several times via SSH (individual sessions, I never figured 
out screen(1)).

I should note that the SSH sessions are particularly prone to the 
short-lived-token problem, much more so than the X11 session. It's not 
uncommon that I'll run into it several times in an evening.

> Do you use pam_afs_session?

Of course, as I understand this to be the current practice.


--Daniel