[OpenAFS] screen loses tokens - Solaris 10

Russ Allbery rra@stanford.edu
Mon, 15 Aug 2011 12:34:19 -0700


Jeff Blaine <jblaine@kickflop.net> writes:

> How might I go about debugging this?  This happens on a host with
> Generic_142900-03 but not on a host with Generic_144488-17 (nor ever on
> this latter host at any patch rev -- I have been using/resuming screen
> on it for years).

> 1. Connect to host with PuTTY
> 2. Confirm krb5 creds and tokens gotten from PAM
> 3. Start screen
> 4. Confirm krb5 creds and tokens in screen shell
> 5. Close PuTTY, "Yes, disconnect"
> 6. Connect to host with PuTTY
> 7. Confirm krb5 creds and tokens gotten from PAM
> 8. Resume screen session
> 9. Tokens and krb5 creds in screen shell are gone

When you log out of the session from which you started screen, PAM will
destroy your AFS tokens.  If you don't want PAM to destroy AFS tokens on
session close, you need to give the retain_after_close option to
pam-afs-session and pam-krb5.

Alternately, start screen with krenew -t -- screen, which will create
isolated tickets and tokens for the screen process that are disconnected
from your login session.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
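
The first fix in the reply above can be checked with a short script. This is an added example, not part of the original message and not code from pam-afs-session or pam-krb5: it lists auth and session PAM lines for the two modules that do not carry retain_after_close. The function name missing_retain and the module file names pam_afs_session.so and pam_krb5.so are assumptions, and options set in krb5.conf instead of on the PAM line are not seen.

```shell
#!/bin/sh
# Added example; not code from the thread or from either PAM module.
# Reads PAM configuration on stdin and prints "lineno: line" for every
# auth/session entry of pam_afs_session or pam_krb5 that lacks the
# retain_after_close option named in the reply.
# Handles both layouts:
#   Solaris /etc/pam.conf : service type control module [options...]
#   Linux /etc/pam.d/*    : type control module [options...]
# Assumptions: module file names as matched below; options are given on
# the PAM line; backslash-continued lines are not joined.
missing_retain() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    {
        # Locate the module-type field: field 1 (pam.d) or 2 (pam.conf).
        t = 0
        if ($1 ~ /^-?(auth|account|session|password)$/) t = 1
        else if ($2 ~ /^-?(auth|account|session|password)$/) t = 2
        if (t == 0) next
        type = $t
        sub(/^-/, "", type)
        if (type != "auth" && type != "session") next

        # Scan for the module path; the control field may be a bracketed
        # expression containing spaces, so its position is not fixed.
        mod = 0
        for (i = t + 1; i <= NF; i++)
            if ($i ~ /pam_(afs_session|krb5)\.so/) { mod = i; break }
        if (mod == 0) next

        # Everything after the module path is an option.
        for (i = mod + 1; i <= NF; i++)
            if ($i == "retain_after_close") next
        print NR ": " $0
    }'
}

# Constructed sample in Solaris pam.conf layout; only line 1 is reported.
missing_retain <<'EOF'
other session optional pam_afs_session.so
other session optional pam_krb5.so retain_after_close
EOF
```

On a real host the input would be the system's own PAM configuration, for example missing_retain < /etc/pam.conf.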