AW: [OpenAFS] Check free space on AFS share before login
Richter, Michael
m.richter@tu-berlin.de
Thu, 2 Feb 2017 13:42:18 +0000
OK, did so. But: running "vos examine" in a shell works. If I put the same line into a script and call this script on the same shell, it doesn't work and gives me this error:
vsu_ClientInit: Could not get afs tokens, running unauthenticated.
-- 
Michael Richter
Technische Universität Berlin
Universitätsbibliothek
IT-Service
Fasanenstraße 88, 10623 Berlin
Phone: +49 (0)30 314-76310
m.richter@tu-berlin.de
www.ub.tu-berlin.de
-----Original Message-----
From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org] On Behalf Of Stephan Wiesand
Sent: Thursday, 2 February 2017 13:01
To: openafs-info@openafs.org
Subject: Re: [OpenAFS] Check free space on AFS share before login
> On 2 Feb 2017, at 12:43, Richter, Michael <m.richter@tu-berlin.de> wrote:
>
> Actually trying... The message comes to the user in LightDM. But I don't have access to the AFS share of the user. I assume it's because pam_exec runs before pam_afs_session:
>
> -- /etc/pam.d/common-auth
> ~~~
> auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
> auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
>
> # auth against two domains via LDAP
> auth [success=1 default=ignore] pam_sss.so use_first_pass
>
> auth requisite pam_deny.so
> auth required pam_permit.so
>
> # mount OwnCloud via webdav
> auth optional pam_mount.so
>
> auth optional pam_afs_session.so
> auth optional pam_cap.so
>
> # check free space in AFS
> auth requisite pam_exec.so stdout seteuid /opt/check_free.sh
> ~~~
>
> pam_afs_session is optional because there are users from another domain without an AFS share. The check_free script checks this by itself. I've set it to required too. But still the same. The script doesn't have access to the AFS share. According to the manual of PAM there is no way to set an order.
>
> Maybe this doesn't work because it's in the PAM process?
>
> Any hints?
First, let me second Jonathan's objection to produce any output in the common pam stack. I'd really really put it into /etc/pam.d/lightdm (right after the @include common-auth).
And you don't need read access to the volume root in order to find out. Parsing the output of "vos examine -format" should be simple enough.

-- 
Stephan Wiesand
DESY -DV-
Platanenallee 6
15738 Zeuthen, Germany
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
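
Added example, not part of the thread and not code from either poster: one way a script run by pam_exec could parse "vos examine -format" output instead of reading the volume, and validate PAM_USER before using it in a command line that runs with seteuid. The function names, the "user.<login>" volume naming, the tab-separated "diskused"/"maxquota" field names (values in KB, 0 meaning no quota) and the choice to let the login proceed when no volume is found are assumptions to check against the local cell and vos version.

```shell
#!/bin/sh
# Added example. Constructed sample of the assumed "vos examine -format" lines:
#   diskused	4900
#   maxquota	5000

# Read "vos examine -format" output on stdin and print the free space in KB,
# or "unlimited" when maxquota is 0. Exit status 1 if a field is missing.
vos_free_kb() {
    awk '
        $1 == "diskused" && $2 ~ /^[0-9]+$/ { used = $2; have_used = 1 }
        $1 == "maxquota" && $2 ~ /^[0-9]+$/ { quota = $2; have_quota = 1 }
        END {
            if (!have_used || !have_quota) exit 1
            if (quota == 0) { print "unlimited"; exit 0 }
            free = quota - used
            if (free < 0) free = 0      # over quota counts as nothing free
            print free
        }'
}

# Accept only conservative login names: the value comes from the login
# prompt and ends up in a command run with elevated privileges.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_.-]*|-*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_free USER MIN_KB
# Returns 1 only when the volume exists and has less than MIN_KB free.
# Users without an AFS volume (the other domain) pass through.
check_free() {
    valid_user "$1" || return 1
    # Hypothetical volume naming; -noauth avoids needing tokens for a read-only query.
    out=$(vos examine -id "user.$1" -format -noauth 2>/dev/null) || return 0
    free=$(printf '%s\n' "$out" | vos_free_kb) || return 0
    [ "$free" = "unlimited" ] && return 0
    if [ "$free" -lt "$2" ]; then
        echo "AFS home volume has only ${free} KB free"
        return 1
    fi
    return 0
}
```

In the PAM script itself this would be called as `check_free "$PAM_USER" 10240`, where the 10240 KB threshold is a made-up value.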