[OpenAFS] 1.6.20 pam_afs_session bug ?

Benjamin Kaduk kaduk@mit.edu
Fri, 31 Mar 2017 15:18:40 -0500

On Thu, Mar 30, 2017 at 03:53:24PM +0200, Andreas Ladanyi wrote:
> Hi guys,
> i tested:
> Ubuntu 16.10, Gnome, Kernel 4.8
> current OpenAFS 1.6.20 from ppa.
> After relogin from screensaver dialog the kerberos tgt and afs service
> ticket are renewed but the afs token isnt renewed. There is no
> "always_aklog" flag at pam_afs_session.so line in pam common-auth file.
> If i try this relogin procedure with OpenAFS 1.6.18 from the distri repo
> the afs token is also renewed.

Hmm, to have a new afs service ticket obtained (after the new TGT)
would indicate that pam_afs_session is still running and doing
something, but presumably failing to actually insert the token into
the appropriate PAG.  Unfortunately, pam_afs_session is mostly
unmaintained these days (I don't believe that Russ found anyone to
take it over), so it seems like the most prudent suggestion would be
to see whether always_aklog helps.