Re: [OpenAFS] Re: Losing tokens

2010-09-09 Thread Jeff Blaine

Mystery solved.

The user was using GNU screen, starting the process,
detaching from screen, and terminating his original
SSH session to the host (which, with our PAM config,
destroys creds).

I've pointed him at our build of krenew.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
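
The failure in this thread is silent: the job keeps running in the detached screen session while the `tokens` list goes empty. The check below is an added example, not code from the thread or from OpenAFS, that parses `tokens` output so a job script can log the credential state before and after each step. The function names and the cell name `afs@example.org` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample data
# are constructed; only the `tokens` command itself is from the page.

# count_afs_tokens: read `tokens` output on stdin and print the number of
# token entries, i.e. lines shaped like
#   User's (AFS ID 3113) tokens for afs@CELL [Expires Sep 10 09:58]
count_afs_tokens() {
    awk '/ tokens for / && /\[Expires / { n++ } END { print n + 0 }'
}

# has_afs_tokens: exit 0 only if at least one token entry is listed.
has_afs_tokens() {
    [ "$(count_afs_tokens)" -gt 0 ]
}

# report_token_state LABEL: read `tokens` output on stdin, print one log
# line, and return non-zero when the token list is empty.
report_token_state() {
    if has_afs_tokens; then
        echo "$1: AFS tokens present"
    else
        echo "$1: NO AFS tokens held (credentials destroyed?)"
        return 1
    fi
}

# Constructed samples modelled on the two states shown in the thread.
SAMPLE_WITH_TOKEN="
Tokens held by the Cache Manager:

User's (AFS ID 3113) tokens for afs@example.org [Expires Sep 10 09:58]
   --End of list--"

SAMPLE_EMPTY="
Tokens held by the Cache Manager:

   --End of list--"

# Demonstration on the samples. In a real job script, pipe the live
# command instead:  tokens | report_token_state "before eval.sh"
printf '%s\n' "$SAMPLE_WITH_TOKEN" | report_token_state "before job"
printf '%s\n' "$SAMPLE_EMPTY" | report_token_state "after job" || true
```
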


Re: [OpenAFS] Re: Losing tokens

2010-09-09 Thread Derrick Brashear

On Thu, Sep 9, 2010 at 5:09 PM, Jeff Blaine jbla...@kickflop.net wrote:
> Mystery solved.
>
> The user was using GNU screen, starting the process,
> detaching from screen, and terminating his original
> SSH session to the host (which, with our PAM config,
> destroys creds).
>
> I've pointed him at our build of krenew.

Someone posted some screen helper macros a while ago, also.


Re: [OpenAFS] Re: Losing tokens

2010-09-07 Thread Jeff Blaine

> Jeff, is your usage low enough that logging all token
> invalidations/destruction (and maybe acquisition) would be okay? Want to
> run a debugging patch?

Sure, if it's something I can run just on the client side.


Re: [OpenAFS] Re: Losing tokens

2010-09-04 Thread Simon Wilkinson

On 3 Sep 2010, at 21:56, Derrick Brashear sha...@dementia.org wrote:

> run 'groups' before and after?


I'm away at the moment, so I'll be brief. When I investigated this my  
observations were that the user still had their original PAG group,  
and still had PAG related keyring entries. None of the token  
destruction code paths that log were being used. My plan was to  
instrument the remaining sites that mark a token for destruction (in  
particular the keyring destructor) and try to get it to fail again.


Sadly, we only seem to see this problem on heavily used hosts, and  
even then only after they've been running for a while.


Simon.





Re: [OpenAFS] Re: Losing tokens

2010-09-04 Thread Jeff Blaine

On 9/4/2010 2:42 AM, Simon Wilkinson wrote:

> On 3 Sep 2010, at 21:56, Derrick Brashear sha...@dementia.org wrote:
>
>> run 'groups' before and after?

With tokens and after tokens have been lost report this:

air blogint id: cannot find name for group ID 1098911902
1098911902

> I'm away at the moment, so I'll be brief. When I investigated this my
> observations were that the user still had their original PAG group, and
> still had PAG related keyring entries. None of the token destruction
> code paths that log were being used. My plan was to instrument the
> remaining sites that mark a token for destruction (in particular the
> keyring destructor) and try to get it to fail again.
>
> Sadly, we only seem to see this problem on heavily used hosts, and even
> then only after they've been running for a while.
>
> Simon.







Re: [OpenAFS] Re: Losing tokens

2010-09-03 Thread Jeff Blaine

On 9/3/2010 2:02 PM, Andrew Deason wrote:

> On Fri, 03 Sep 2010 13:52:06 -0400
> Jeff Blaine jbla...@kickflop.net wrote:
>
>>  [theu...@ourhost theproject]$ kinit
>>  Password for theu...@rcf.our.org:
>>  [theu...@ourhost theproject]$ aklog
>>  [theu...@ourhost theproject]$ tokens
>>
>>  Tokens held by the Cache Manager:
>>
>>  User's (AFS ID 3113) tokens for a...@rcf.our.org [Expires Sep
>>  10 09:58]
>>     --End of list--
>>  [theu...@ourhost theproject]$ ./eval.sh
>>  [theu...@ourhost theproject]$ ls
>>  ls: .: Permission denied
>>  [theu...@ourhost theproject]$ tokens
>>
>>  Tokens held by the Cache Manager:
>>
>>     --End of list--
>>  [theu...@ourhost theproject]$
>
> Anything afs-related in dmesg or syslog, around this time?

Not a peep.


Re: [OpenAFS] Re: Losing tokens

2010-09-03 Thread Derrick Brashear

run 'groups' before and after?

Derrick

On Sep 3, 2010, at 2:49 PM, Jeff Blaine jbla...@kickflop.net wrote:

> On 9/3/2010 2:02 PM, Andrew Deason wrote:
>> On Fri, 03 Sep 2010 13:52:06 -0400
>> Jeff Blaine jbla...@kickflop.net wrote:
>>
>>>  [theu...@ourhost theproject]$ kinit
>>>  Password for theu...@rcf.our.org:
>>>  [theu...@ourhost theproject]$ aklog
>>>  [theu...@ourhost theproject]$ tokens
>>>
>>>  Tokens held by the Cache Manager:
>>>
>>>  User's (AFS ID 3113) tokens for a...@rcf.our.org [Expires Sep
>>>  10 09:58]
>>>     --End of list--
>>>  [theu...@ourhost theproject]$ ./eval.sh
>>>  [theu...@ourhost theproject]$ ls
>>>  ls: .: Permission denied
>>>  [theu...@ourhost theproject]$ tokens
>>>
>>>  Tokens held by the Cache Manager:
>>>
>>>     --End of list--
>>>  [theu...@ourhost theproject]$
>>
>> Anything afs-related in dmesg or syslog, around this time?
>
> Not a peep.