[OpenAFS] Token gone after sudo?!

Sergio Gelato Sergio.Gelato@astro.su.se
Sun, 3 Jan 2016 23:00:59 +0100


* Alexander Lazarevi=C4=87 [2015-12-31 00:05:59 +0100]:
> I just recently upgraded to ubuntu 15.10 and I am using the openafs
> client 1.6.16-0ppa1~ubuntu15.10.2. With the switch to 15.10 I started to
> notice tokens to "disappear".

Ubuntu 15.10 "wily werewolf" uses libpam-afs-session 2.5-4.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D782589
presumably applies. According to the changelog for sudo the default behavio=
ur
for pam_setcred was changed in 1.8.10p2, and indeed Ubuntu ships version
1.8.9p5 in vivid, 1.8.12 in wily.

So either add
	Defaults !pam_setcred
to your sudo configuration or backport libpam-afs-session 2.6-1 from xenial.
(I've done both, after determining that the new default sudo behaviour wasn=
't
useful in my environment.)

The same problem affects Debian 8 (jessie).