[OpenAFS] Odd tokens behavior on RHEL

Brian Sebby sebby@anl.gov
Tue, 20 Nov 2012 11:05:31 -0600


We're moving a lot of our systems to Red Hat Enterprise Linux, and I've been
working on getting AFS to behave the same way that it does on Solaris.  I've
found a strange behavior when I log into a box using Kerberos.

I've set it up to use pam_afs_session which I installed from the RHEL 6
EPEL repository.  We're using the OpenAFS RPMs from openafs.org.

When I log in and run tokens, I see this:

sebby@jboss-temp0:~% tokens

Tokens held by the Cache Manager:

Tokens for afs@anl.gov [Expires Nov 20 20:57]
   --End of list--

It does not list my UID, but I appear to have the right tokens - I can
access protected directories, etc.

If I run aklog again, it does the right thing:

sebby@jboss-temp0:~% aklog
sebby@jboss-temp0:~% tokens

Tokens held by the Cache Manager:

User's (AFS ID 13904) tokens for afs@anl.gov [Expires Nov 20 20:57]
   --End of list--

Has anyone seen this behavior?

We've got the following line in /etc/pam.d/common-auth (which is included by
the various PAM files):

session required        pam_afs_session.so

I tried adding program=/usr/bin/aklog but that seemed to make no difference.

Since it's working this isn't critical, but I'm curious to know why it's
doing it this way.


Thanks,

Brian

-- 
Brian Sebby  (sebby@anl.gov)  |  Infrastructure and Operation Services
Phone: +1 630.252.9935        |  Computing and Information Systems
Fax:   +1 630.252.4601        |  Argonne National Laboratory
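
A check for the two `tokens` output forms shown in the message above, added here as an example and not part of the original post: it reads `tokens` output on stdin and reports, per token, whether an AFS ID was printed. The function names are hypothetical, and the sample text is copied from the two outputs in the message.

```shell
#!/bin/sh
# Sample outputs copied from the message (right after login, and after a manual aklog).
LOGIN_OUTPUT='Tokens held by the Cache Manager:

Tokens for afs@anl.gov [Expires Nov 20 20:57]
   --End of list--'

AKLOG_OUTPUT="Tokens held by the Cache Manager:

User's (AFS ID 13904) tokens for afs@anl.gov [Expires Nov 20 20:57]
   --End of list--"

# classify_tokens (hypothetical helper): read `tokens` output on stdin and
# print one line per token: "<principal> <AFS ID, or - if none was listed>".
classify_tokens() {
    awk '
        # Form with an ID: "User.s (AFS ID <n>) tokens for <principal> [Expires ...]"
        /^User.s \(AFS ID [0-9]+\) tokens for / {
            id = $4
            sub(/\)/, "", id)      # strip the closing parenthesis from "13904)"
            print $7, id
            next
        }
        # Form without an ID: "Tokens for <principal> [Expires ...]"
        # (the "Tokens held by the Cache Manager:" header does not match this)
        /^Tokens for / { print $3, "-" }
    '
}

# all_tokens_have_id (hypothetical helper): exit 0 only if at least one token
# is listed and every listed token carries an AFS ID.
all_tokens_have_id() {
    classify_tokens | awk '
        { n++ }
        $2 == "-" { bad++ }
        END { exit ((n > 0 && bad == 0) ? 0 : 1) }
    '
}

# Demonstration on the two samples from the message.
for sample in "$LOGIN_OUTPUT" "$AKLOG_OUTPUT"; do
    printf '%s\n' "$sample" | classify_tokens
done
```

On a live host, `tokens | all_tokens_have_id` can be run right after login and again after `aklog` to compare the two states.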