[OpenAFS] Need help: Tokens stop working
Daniel Richard G.
danielg@teragram.com
Thu, 8 Oct 2009 18:16:09 -0400
> -----Original Message-----
> From: openafs-info-admin@openafs.org [mailto:openafs-
> info-admin@openafs.org] On Behalf Of Douglas E. Engert
>
> Are clocks in sync? (5 minutes of the AFS servers)
Yes. NTP is running and synched on the clients, file server, and DB servers.
> Are you using PAGs?
>
> (id -a should have the PAG number as a large group
> number between 1090519040 and 1107296255)
Yes. We're using pam_afs_session.so to do the setup (and MIT's libnss-afspag
to quell name-lookup errors).
> Does same use login more then once a the same time?
Yes. In my case, I have a desktop system on which I'm logged in locally via
X11, and remotely several times via SSH (individual sessions, I never figured
out screen(1)).
I should note that the SSH sessions are particularly prone to the
short-lived-token problem, much more so than the X11 session. It's not
uncommon that I'll run into it several times in an evening.
> Do you use pam_afs_session?
Of course, as I understand this to be the current practice.
--Daniel