[OpenAFS] Check free space on AFS share before login

Stephan Wiesand stephan.wiesand@desy.de
Thu, 2 Feb 2017 13:00:39 +0100


> On 2 Feb 2017, at 12:43, Richter, Michael <m.richter@tu-berlin.de> wrote:
>
> Actually trying... The message comes to the user in LightDM. But I don't have access to the AFS share of the user. I assume it's because pam_exec runs before pam_afs_session:
>
> -- /etc/pam.d/common-auth
> ~~~
> auth    [success=3 default=ignore]      pam_krb5.so minimum_uid=1000
> auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
>
> # auth against two domains via LDAP
> auth    [success=1 default=ignore]      pam_sss.so use_first_pass
>
> auth    requisite                       pam_deny.so
> auth    required                        pam_permit.so
>
> # mount OwnCloud via webdav
> auth    optional        pam_mount.so
>
> auth    optional                        pam_afs_session.so
> auth    optional                        pam_cap.so
>
> # check free space in AFS
> auth    requisite   pam_exec.so stdout seteuid /opt/check_free.sh
> ~~~
>
> pam_afs_session is optional because there are users from another domain without an AFS share. The check_free script checks this by itself. I've set it to required too. But still the same. The script doesn't have access to the AFS share. According to the manual of PAM there is no way to set an order.
>
> Maybe this doesn't work because it's in the PAM process?
>
> Any hints?

First, let me second Jonathan's objection to producing any output in the common pam stack. I'd really really put it into /etc/pam.d/lightdm (right after the @include common-auth).

And you don't need read access to the volume root in order to find out. Parsing the output of "vos examine -format" should be simple enough.

-- 
Stephan Wiesand
DESY -DV-
Platanenallee 6
15738 Zeuthen, Germany
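
Added example (not part of the original mail or of OpenAFS): one way to do the parsing suggested above in a POSIX shell script, using the diskused and maxquota lines (both in KB) of the "vos examine -format" output. The function names, the 100 MB threshold, the sample record and the user.<login> volume naming are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: read remaining AFS quota from
# `vos examine <volume> -format` output instead of touching the volume.

# afs_free_kb: parse -format output on stdin, print free quota in KB.
# Prints "unlimited" when maxquota is 0; exits 2 if the fields are missing
# (for example when vos printed an error instead of a volume record).
afs_free_kb() {
    awk '
        $1 == "diskused" { used = $2;  have_used = 1 }
        $1 == "maxquota" { quota = $2; have_quota = 1 }
        END {
            if (!have_used || !have_quota) exit 2
            if (quota == 0) { print "unlimited"; exit 0 }
            free = quota - used
            if (free < 0) free = 0      # volume is over quota
            printf "%d\n", free
        }'
}

# quota_ok MIN_KB: return 0 if at least MIN_KB is free, 1 if less,
# 2 if the vos output could not be parsed.
quota_ok() {
    free=$(afs_free_kb) || return 2
    [ "$free" = "unlimited" ] && return 0
    [ "$free" -ge "$1" ]
}

# Constructed, abbreviated sample of `vos examine user.jdoe -format` output.
sample_vos_output() {
    cat <<'EOF'
name            user.jdoe
part            /vicepa
status          OK
type            RW
diskused        4990000
maxquota        5000000
filecount       1234
EOF
}

# Demo on the sample. In check_free.sh the input would instead come from
#   vos examine "user.$PAM_USER" -format
# (assumption: home volumes are named user.<login>).
sample_vos_output | quota_ok 102400 ||
    echo "Less than 100 MB of AFS quota left"
```

quota_ok returns 2 rather than 1 when the lookup fails, so the calling script can decide whether a failed lookup should block the login.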