[OpenAFS] Problems getting AFS tokens with GDM on Fedora 24

Benjamin Kaduk kaduk@mit.edu
Wed, 9 Nov 2016 22:02:03 -0600

On Wed, Nov 09, 2016 at 04:53:12PM -0500, Randy Philipp wrote:
> I am currently working on getting AFS working on a Fedora VM, and I can
> not figure out why I am losing my AFS tokens during the graphical login
> process (using gdm). I have attempted to disable gnome-keyring-daemon
> (to the point of chmod it to 000). Does anyone have any insight to what
> is destroying the AFS tokens. I have checked the logs, I have
> pam_afs_session in place and it is getting tokens (actually I am forcing
> it get tokens), but still no tokens at login. I have the kerberos ticket
> for getting AFS tokens. I have setup a Fedora 24 server

Well, it is probably hard to say from just the supplied information (not that
I am a PAM expert).  There are cases when pam_afs_session can be configured
to delete tokens at the end of a "session" (for a certain definition of
"session"), which can result in this sort of annoying behavior where tokens
expire more early than is expected.

It might be worth posting your full PAM configuration.