[OpenAFS] openafs 1.8.x aklog -setpag not working? (Scientific Linux 6.10, Centos)

r.laatsch Rainer.Laatsch@t-online.de
Fri, 19 Oct 2018 21:53:37 +0200

Thanks to all for writing.

Pag and token are mostly needed at login. Could all be done under PAM.

If there is no PAM given, the user must do it in his Shell startup profile.

The use of pagsh there is tricky (but possible) , but a working aklog 

makes that easy and straightforward. (One could kinit in the profile or 
scp a ticket from your home

computer to /tmp/ beforehand using key login, /tmp/ is writable then.)

The dokumentation says the -setpag flag might not work everywhere.

Under 1.8.x, thats true for my environment, alas; does the code change help

somewhere else?

So i will use my working 1.6.20+ aklog further.

To avoid a full compilation of a 1.6.20+ version just for the aklog, a 
much more

simple approach is to use gssklog -setpag from D.E.Engert @anl (great!),

the source is still available at


Best regards,

Rainer Laatsch


On 10/18/18 17:00, Benjamin Kaduk wrote:
> In particular, the kernel functionality to modify the groups/keyring
> contents/etc. of the parent process has not been present for a long time.
> So the kernel version is arguably more relevant than the OpenAFS version.
> -Ben
> On Thu, Oct 18, 2018 at 06:43:25AM -0400, Malato, Andy wrote:
>> The -setpag has long been deprecated and should no longer be used.  You
>> should be using pagsh instead.