[OpenAFS] Token gone after sudo?!

Benjamin Kaduk kaduk@MIT.EDU
Thu, 31 Dec 2015 16:32:24 -0500 (EST)



It's very likely to be an issue with the PAM configuration, yes.
I think we've seen some cases where it was pam_afs_session that was
misconfigured and not pam_keyring, but I didn't check the archives,
myself.

-Ben

On Thu, 31 Dec 2015, Chas Williams wrote:

> It's probably that your /etc/pam.d/sudo is using pam_keyring.so
> to set up a new keyring when you sudo.
>
> Do a keyctl list @s before and sudo keyctl list @s and see if
> the keyring is being replaced.
>
> On Thu, 2015-12-31 at 00:05 +0100, Alexander Lazarević wrote:
> > Hi!
> >
> > I just recently upgraded to ubuntu 15.10 and I am using the openafs
> > client 1.6.16-0ppa1~ubuntu15.10.2. With the switch to 15.10 I started
> > to notice tokens to "disappear".
> >
> > The following is an example of how to reliably make tokens disappear
> > for me:
> >
> > aklog; tokens; sudo ls /dev/null; tokens
> >
> > Tokens held by the Cache Manager:
> >
> > User's (AFS ID 20000) tokens for afs@mydomain.com [Expires Dec 31
> > 09:50]
> >    --End of list--
> > /dev/null
> >
> > Tokens held by the Cache Manager:
> >
> >    --End of list--
> >
> > I can't remember that this would happen. But I surely could be wrong?!
> >
> > Regards,
> >  Alex
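The before/after keyring check and the PAM review suggested in this thread, as an added example that is not part of the original messages. The function names and sample data are hypothetical and constructed; it assumes `keyctl show @s` prints a header line followed by the session keyring as its first entry, with the serial in the first column.

```shell
#!/bin/sh
# Added example: did sudo replace the session keyring that holds the AFS token?

# Read `keyctl show @s` output on stdin and print the session keyring serial
# (assumption: it is the first line whose first field is purely numeric).
keyring_serial() {
    awk '$1 ~ /^[0-9]+$/ { print $1; exit }'
}

# compare_keyrings BEFORE AFTER: prints "same", "replaced" or "unknown".
compare_keyrings() {
    before=$(printf '%s\n' "$1" | keyring_serial)
    after=$(printf '%s\n' "$2" | keyring_serial)
    if [ -z "$before" ] || [ -z "$after" ]; then
        echo "unknown"          # output could not be parsed
    elif [ "$before" = "$after" ]; then
        echo "same"             # sudo kept the caller's session keyring
    else
        echo "replaced"         # sudo's PAM stack created a new keyring
    fi
}

# Read a PAM service file on stdin and print the active (non-comment) lines
# that load either module named in the thread.
pam_suspects() {
    grep -v '^[[:space:]]*#' | grep -E 'pam_(keyring|afs_session)\.so'
}

# Constructed sample data, so the functions can be exercised offline.
SAMPLE_USER='Keyring
 512345678 --alswrv  20000  20000  keyring: _ses
 498765432 --alswrv  20000  65534   \_ keyring: _uid.20000'
SAMPLE_SUDO='Keyring
 623456789 --alswrv      0      0  keyring: _ses'
SAMPLE_PAM='#%PAM-1.0
# session optional pam_afs_session.so
session    optional   pam_keyring.so
session    optional   pam_afs_session.so
@include common-session'

# Live check on a real client: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    compare_keyrings "$(keyctl show @s)" "$(sudo keyctl show @s)"
    pam_suspects < /etc/pam.d/sudo || echo "no suspect modules in /etc/pam.d/sudo"
fi
```

`pam_suspects` does not follow `@include` lines, so files pulled in that way need to be checked separately.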