[OpenAFS-port-darwin] aklog During Login with Remote Home Directories

Michael Bartosh mbartosh@4am-media.com
Tue, 27 Dec 2005 01:30:18 -0700


On Dec 27, 2005, at 1:25 AM, Michael Bartosh wrote:


On Dec 14, 2005, at 7:50 AM, Duncan Kincaid (sent by Nabble.com) wrote:

> Mike
>
> We are facing the exact problem. Further, 'su $1' followed by  
> 'aklog' doesn't seem to work when placed in Loginhook script. No  
> tokens are had for user logging in. I can confirm that user has  
> Kerberos tickets. When testing the Loginhook script outside of an  
> actual login, tokens are had, but they seem to live only within the  
> shell which created them. Which is to say, if user opens new shell  
> window and types 'tokens' none are cached.
>
> Would you or anyone else have any idea as to what I might be doing  
> wrong?
>

It's all a question of context. Apple messes around with that sort of  
thing from release to release.

FWIW this seemed to be working for me before I left on xmas  
vacation.. as a LoginAgent.

There's some obvious debug stuff in there.. but this is the form in  
which it was working in my test environment (linux AFS server, Mac OS  
X kdc and client, 10.4.3 and rc2):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
         <key>Debug</key>
         <true/>
         <key>Label</key>
         <string>lan.tigerserver.aklog</string>
         <key>OnDemand</key>
         <false/>
         <key>Program</key>
         <string>/usr/bin/aklog</string>
         <key>ProgramArguments</key>
         <array>
                 <string>/usr/bin/aklog</string>
                 <string>-d</string>
         </array>
         <key>RunAtLoad</key>
         <true/>
         <key>StandardErrorPath</key>
         <string>/tmp/blah1</string>
         <key>StandardOutPath</key>
         <string>/tmp/blah0</string>
</dict>
</plist>



..it took a couple of seconds (5-10) after login for all the right  
credentials to get issued, and for the home dir to become r/w.

Keep in mind I got this to work @ 3am after taking the previous 12  
hours to get my mind around AFS and get my first cell set up..  
including building my own aklog since the one in the linux rpm's is  
broken (still tries to get 524 tix) and right before leaving on  
holiday at 7am.

But I'm pretty sure it was all working at that point.

-mb
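
The message above reports a 5-10 second delay before credentials appear and sends the agent's debug output to fixed names in /tmp. The wrapper below is an added example, not part of the original post or of OpenAFS: it retries aklog until a token is actually visible and logs into a private directory. It assumes `klist -s` (MIT Kerberos silent check) and the `tokens` line format shown in the comments; `AKLOG_AGENT_RUN` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper for a per-user launchd agent (not from the original post).
# Assumed: `klist -s` exits 0 when a valid ticket cache exists, and `tokens`
# prints "tokens for afs@<cell> [Expires ...]" for each live token.
KLIST=${KLIST:-klist}            # overridable so the logic can be exercised offline
AKLOG=${AKLOG:-/usr/bin/aklog}
TOKENS=${TOKENS:-tokens}

# Reads `tokens` output on stdin; succeeds only if an unexpired AFS token is listed.
has_afs_token() {
    grep -q 'tokens for afs@.*\[Expires '
}

# Retry until a TGT exists, aklog succeeds and a token is visible.
# $1 = maximum attempts, $2 = seconds to wait between attempts.
obtain_tokens() {
    tries=$1; delay=$2; n=0
    while [ "$n" -lt "$tries" ]; do
        if "$KLIST" -s 2>/dev/null && "$AKLOG" && "$TOKENS" | has_afs_token; then
            return 0
        fi
        n=$((n + 1))
        sleep "$delay"
    done
    return 1
}

main() {
    # The AFS home directory is not writable until tokens exist, and fixed names
    # in /tmp are predictable, so log into a fresh private (0700) directory.
    umask 077
    logdir=$(mktemp -d "${TMPDIR:-/tmp}/aklog.XXXXXX") || exit 1
    obtain_tokens 10 2 >"$logdir/out" 2>"$logdir/err"
}

# AKLOG_AGENT_RUN is a hypothetical switch: set it to 1 in the agent's environment.
if [ "${AKLOG_AGENT_RUN:-0}" = 1 ]; then
    main
fi
```

Because the check runs `tokens` in the same session as aklog, a success here says nothing about other login contexts, which is the problem the quoted LoginHook report describes.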