[OpenAFS] Ubuntu 10.04 Login Issues
Wed, 22 Dec 2010 14:54:21 -0500
On 12/22/2010 2:35 PM, Thomas M. Payerle wrote:
> On Wed, 22 Dec 2010, Thomas Calderon wrote:
> We encountered the same issue when rolling out an updated desktop
> environment using Gnome.
> gnome-screensaver, for various security reasons, takes a multiprocess
> approach. The main locking process detects mouse/keyboard activity, and
> then runs another process to handle the dialog (this allows the dialog
> to safely use higher level desktop widgets, themes, etc. If it crashes, the
> screen remains locked, which is the secure alternative.)
> The issue occurs if home directories are in AFS, and the AFS tokens expire
> between the locking of the screen and when attempting to unlock it. The
> process then tries to open a window on the display to prompt for the
> but cannot access ~/.Xauthority as it is in the AFS located home directory
> and does not have valid AFS tokens.
> I do not see any good ways to get around this. Allowing something w/out the
> user's tokens read access to ~/.Xauthority seems rather questionable,
> plus awkward as needs some access to ~ as well.
Perhaps at logon the machine is added as an IP ACL to the requisite
directory using the user's acquired token, and the ACL is then removed at
logout. (or something along that line of thought....)