[OpenAFS] Re: Need help: Tokens stop working
Fri, 9 Oct 2009 11:28:26 -0500
On Thu, 8 Oct 2009 18:16:09 -0400
"Daniel Richard G." <email@example.com> wrote:
> > Are you using PAGs?
> > (id -a should have the PAG number as a large group
> > number between 1090519040 and 1107296255)
> Yes. We're using pam_afs_session.so to do the setup (and MIT's
> libnss-afspag to quell name-lookup errors).
So you have gid-based PAGs; do you know if your kernel also has keyring
support? 'keyctl show' should show an afs PAG key, if we're using that.
We've seen some odd behavior in some situations when gid and keyring
PAG tracking are both in use. I've never seen issues with it and SSH,
though, and if your tokens are lasting longer than 10 minutes, that's
probably not the problem.