[OpenAFS] Odd tokens behavior on RHEL
Brian Sebby
sebby@anl.gov
Tue, 20 Nov 2012 11:05:31 -0600
We're moving a lot of our systems to Red Hat Enterprise Linux, and I've been
working on getting AFS to behave the same way that it does on Solaris. I've
found a strange behavior when I log into a box using Kerberos.
I've set it up to use pam_afs_session which I installed from the RHEL 6
EPEL repository. We're using the OpenAFS RPMs from openafs.org.
When I log in and run tokens, I see this:
sebby@jboss-temp0:~% tokens
Tokens held by the Cache Manager:
Tokens for afs@anl.gov [Expires Nov 20 20:57]
--End of list--
It does not list my UID, but I appear to have the right tokens - I can
access protected directories, etc.
If I run aklog again, it does the right thing:
sebby@jboss-temp0:~% aklog
sebby@jboss-temp0:~% tokens
Tokens held by the Cache Manager:
User's (AFS ID 13904) tokens for afs@anl.gov [Expires Nov 20 20:57]
--End of list--
Has anyone seen this behavior?
We've got the following line in /etc/pam.d/common-auth (which is included by
the various PAM files):
session required pam_afs_session.so
I tried adding program=/usr/bin/aklog but that seemed to make no difference.
Since it's working this isn't critical, but I'm curious to know why it's
doing it this way.
Thanks,
Brian
--
Brian Sebby (sebby@anl.gov) | Infrastructure and Operation Services
Phone: +1 630.252.9935 | Computing and Information Systems
Fax: +1 630.252.4601 | Argonne National Laboratory