[OpenAFS] Help: Make UNIX traditional su command to get OpenAFS token

Russ Allbery rra@stanford.edu
Mon, 13 Jun 2011 09:21:36 -0700


Derrick Brashear <shadow@gmail.com> writes:

> as was explained in IRC last night, the system auth rules create a PAG,
> but since you don't type a Kerberos password at su for root and thus get
> no ticket, you also get no token and have no permissions.  you should
> succeed for uid 0 before calling the afs session module, probably only
> for su.

Upgrading to pam-afs-session 2.4 should fix this problem if you export the
KRB5CCNAME variable to your root environment, although it means that, as
root, you'll keep using your same ticket cache.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>