[OpenAFS] Help: Make UNIX traditional su command to get OpenAFS token

Russ Allbery rra@stanford.edu
Mon, 13 Jun 2011 09:21:36 -0700

Derrick Brashear <shadow@gmail.com> writes:

> as was explained in IRC last night, the system auth rules create a PAG,
> but since you don't type a kerberos password at su for root and thus get
> no ticket, you also get no token and have no permissions.  you should
> succeed for uid 0 before calling the afs session module, probably only
> for su.

Upgrading to pam-afs-session 2.4 should fix this problem if you export the
KRB5CCNAME variable to your root environment, although it means that, as
root, you'll keep using your same ticket cache.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>