[OpenAFS] Re: OpenAFS-info digest, Vol 1 #7363 - 4 msgs

Chad William Seys cwseys@physics.wisc.edu
Wed, 7 Jun 2023 16:48:56 -0500


Hi all,
   I've been trying to know how to disable PAG, but am having a Google 
fail.  Anyone have pointers?

Thanks!
Chad.

On 6/6/23 11:01, openafs-info-request@openafs.org wrote:
> 
> Today's Topics:
> 
>     1. openafs versus systemd (Stephen Quinney)
>     2. openafs versus systemd (spacefrogg-openafs@spacefrogg.net)
>     3. Re: openafs versus systemd (Giovanni Bracco)
>     4. Re: openafs versus systemd (Ken Hornstein)
> 
> --__--__--
> 
> Message: 1
> From: Stephen Quinney <stephen@jadevine.org.uk>
> Date: Tue, 6 Jun 2023 11:53:08 +0100
> To: OpenAFS <openafs-info@openafs.org>
> Subject: [OpenAFS] openafs versus systemd
> 
> We're having trouble with the dbus-user-session package messing up afs
> for logins on Ubuntu 22.04. On 20.04 we solved the issue by just
> removing the package but this is now very difficult due to other
> dependencies.
> 
> I'm aware this issue has been discussed before on the mailing list and
> also on the systemd bug tracker
> <https://github.com/systemd/systemd/issues/7261> but I'm still really
> unclear on what the community feels is the best solution to this
> problem.
> 
> I realise not everyone is a fan of systemd and some might suggest just
> disabling the user session support entirely but that also appears to
> have undesirable side-effects so I'd like to minimise the impact of
> any changes I have to make.
> 
> How have others solved this? Any suggestions?
> 
> 
> Thanks,
> 
> Stephen Quinney
> 
> --__--__--
> 
> Message: 2
> Date: Tue, 6 Jun 2023 13:38:47 +0200 (GMT+02:00)
> From: spacefrogg-openafs@spacefrogg.net
> To: openafs-info@openafs.org
> Subject: [OpenAFS] openafs versus systemd
> 
> I have no idea what exactly is messing up what part, but we also have home
> directories on AFS and have used the following solution for several years now.
> 
> Replace the ExecStart line of the user@.service with the following script:
> #!/usr/bin/bash
> 
> if [ $(id -u %i) -ge 10000 ]; then
>     export KRB5CCNAME=/PATH/TO/CACHE-DEPENDING-ON-$(id -u %i)
>     aklog
> fi
> exec /path/to/systemd --user
> 
> You must use the same fixed Kerberos cache files in PAM, obviously.
> 
> You should set up a token refresh user service, so that the systemd user
> session does not die due to missing filesystem access.
> 
> We also circumvent issues with PAGs by not using them. I would be
> interested to know whether this approach works with PAGs.
> 
> Regards,
> –Michael
> 
> --__--__--
> 
> Message: 3
> Date: Tue, 6 Jun 2023 14:06:32 +0200
> To: spacefrogg-openafs@spacefrogg.net, openafs-info@openafs.org
> From: Giovanni Bracco <giovanni.bracco@enea.it>
> Subject: Re: [OpenAFS] openafs versus systemd
> 
> Is it possible (and it may be more general) to use kswitch?
> 
> Something like:
> 
> #!/usr/bin/bash
> 
> if [ $(id -u %i) -ge 10000 ]; then
>       kswitch -p $(id -u %i)
>       aklog
> fi
> exec /path/to/systemd --user
> 
> 
> Giovanni
> 
> 
> On 06/06/23 13:38, spacefrogg-openafs@spacefrogg.net wrote:
>> I have no idea what exactly is messing up what part, but we also have home directories on AFS and have used the following solution for several years now.
>>
>> Replace the ExecStart line of the user@.service with the following script:
>> #!/usr/bin/bash
>>
>> if [ $(id -u %i) -ge 10000 ]; then
>>       export KRB5CCNAME=/PATH/TO/CACHE-DEPENDING-ON-$(id -u %i)
>>       aklog
>> fi
>> exec /path/to/systemd --user
>>
>> You must use the same fixed Kerberos cache files in PAM, obviously.
>>
>> You should set up a token refresh user service, so that the systemd user session does not die due to missing filesystem access.
>>
>> We also circumvent issues with PAGs by not using them. I would be interested to know whether this approach works with PAGs.
>>
>> Regards,
>> –Michael
>
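
The wrapper script quoted above, as an added example that is not part of the original thread: because the Kerberos cache sits at a fixed, predictable per-user path, this version checks the UID and the cache file's type, owner and mode before pointing KRB5CCNAME at it and running aklog. Assumptions not taken from the thread: the UID arrives as the first argument, and the names CCACHE_DIR, MIN_AFS_UID, SYSTEMD_BIN and the krb5cc_<uid> file name are hypothetical.

```shell
#!/usr/bin/bash
# Added example, not code from the thread. Assumed: UID passed as $1;
# CCACHE_DIR, MIN_AFS_UID, SYSTEMD_BIN and krb5cc_<uid> are hypothetical names.
CCACHE_DIR="${CCACHE_DIR:-/PATH/TO}"            # placeholder path, as in the thread
MIN_AFS_UID="${MIN_AFS_UID:-10000}"             # threshold used in the thread
SYSTEMD_BIN="${SYSTEMD_BIN:-/path/to/systemd}"  # placeholder path, as in the thread

# True only for a purely numeric UID at or above the threshold.
is_afs_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$MIN_AFS_UID" ]
}

# Fixed per-user cache path; it must match the path PAM writes to.
ccache_path() {
    printf '%s/krb5cc_%s\n' "$CCACHE_DIR" "$1"
}

# Accept the cache only if it is a regular file (not a symlink), owned by
# the expected UID, with no group/other permission bits set.
ccache_ok() {
    cc_file="$1"; cc_uid="$2"
    [ -f "$cc_file" ] && [ ! -L "$cc_file" ] || return 1
    cc_info="$(stat -c '%u %a' "$cc_file")" || return 1
    [ "${cc_info% *}" = "$cc_uid" ] || return 1
    case "${cc_info#* }" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    uid="$1"
    if is_afs_uid "$uid"; then
        cc="$(ccache_path "$uid")"
        if ccache_ok "$cc" "$uid"; then
            export KRB5CCNAME="$cc"
            aklog || echo "aklog failed for uid $uid" >&2
        else
            echo "refusing credential cache $cc for uid $uid" >&2
        fi
    fi
    # Start the user manager either way; without a token it has no AFS access.
    exec "$SYSTEMD_BIN" --user
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```
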