[OpenAFS] openafs versus systemd
spacefrogg-openafs@spacefrogg.net
spacefrogg-openafs@spacefrogg.net
Tue, 6 Jun 2023 13:38:47 +0200 (GMT+02:00)
I have no idea what exactly is messing up what part, but we also have home =
directories on AFS and use the following solution for several years now.
Replace the ExecStart line of the user@.service with the following script:
#!/usr/bin/bash
if [ $(id -u %i) -ge 10000 ]; then
=C2=A0=C2=A0=C2=A0 export KRB5CCNAME=3D/PATH/TO/CACHE-DEPENDING-ON-$(id -u =
%i)
=C2=A0=C2=A0=C2=A0 aklog
fi
exec /path/to/systemd --user
You must use the same fixed Kerberos cache files in PAM, obviously.
You should set up a token refresh user service, so that the systemd user se=
ssion does not die due to missing filesystem access.
We also circumvent issues with PAGs by not using them. I would be intereste=
d to know, whether this approach works with PAGs.
Regards,
=E2=80=93Michael