Hi Derrick,
Yap, you are right. Some of the services on the 2nd afs server are down.
I managed to make some changes and the other services are up:
bos status afs2
bos: a pioctl failed (getting tickets)
bos: running unauthenticated
Instance upclientetc, currently running normally.
Instance
On Fri, Mar 09, 2007 at 08:34:27PM -0800, Miles Davis wrote:
On Fri, Mar 09, 2007 at 05:22:04PM -0500, chas williams - CONTRACTOR wrote:
i dont know much about imapd. is it afs aware itself or is it relying
on the pam module? only the children of the process that called setpag()
will be
On 4/4/07, Miles Davis [EMAIL PROTECTED] wrote:
OK, I've learned a bit about the kernel key management, and part of my
problem is they key quota. Anybody know offhand how to modify that?
I've been looking for the past hour or so and still can't find
anything...
AFAIK, the only way I know of
On Wed, Apr 04, 2007 at 12:25:31PM -0400, Kevin Coffman wrote:
On 4/4/07, Miles Davis [EMAIL PROTECTED] wrote:
OK, I've learned a bit about the kernel key management, and part of my
problem is they key quota. Anybody know offhand how to modify that?
I've been looking for the past hour or so
On 4/4/07, Miles Davis [EMAIL PROTECTED] wrote:
On Wed, Apr 04, 2007 at 12:25:31PM -0400, Kevin Coffman wrote:
On 4/4/07, Miles Davis [EMAIL PROTECTED] wrote:
OK, I've learned a bit about the kernel key management, and part of my
problem is they key quota. Anybody know offhand how to modify
Miles Davis [EMAIL PROTECTED] wrote:
OK, I've learned a bit about the kernel key management, and part of my
problem is they key quota. Anybody know offhand how to modify that?
I've been looking for the past hour or so and still can't find
anything...
The key quota is currently fixed, but
Miles Davis [EMAIL PROTECTED] wrote:
Let me step back too, in case I'm on the wrong path. My symptom is
that tokens are disappearing out from under users after a few minutes
in a session. They're not expiring. Running keyctl show after ssh
login shows that my keying is uid 0, but I don't
Kevin Coffman [EMAIL PROTECTED] wrote:
This may or may not be related to the problem you are seeing, but keys
have an expiration that is separate from token expiration. Perhaps
something to look at.
That's unlikely to be the problem for two reasons:
(1) You have to explicitly set the
On Wednesday, April 04, 2007 06:07:46 PM +0100 David Howells
[EMAIL PROTECTED] wrote:
How's the afs_pag key getting allocated? Is it by a PAM module?
No; it gets allocated by AFS as part of the setpag operation. Of course,
the setpag may be being called by a PAM module, but that should
Jeffrey Hutzelman [EMAIL PROTECTED] wrote:
No; it gets allocated by AFS as part of the setpag operation. Of course, the
setpag may be being called by a PAM module, but that should be fairly
irrelevant.
Without having looked at this in much detail, I'll hazard a guess as to what's
going
That's not a good solution. The afs_pag gets attached to the root user's
default session keyring, displacing any afs_pag that was previously there.
What does the setpag code look like?
It's in setpag() in src/afs/LINUX/osi_group.c,
On Wednesday, April 04, 2007 08:33:34 PM +0100 David Howells
[EMAIL PROTECTED] wrote:
That'd be my bet too. I suspect that the PAM module (if that's what it
is) that issued setpag occurs before the pam_keyinit PAM module also.
Oh, hm. That's not good. We may find ourselves back in
On Wed, Apr 04, 2007 at 06:07:46PM +0100, David Howells wrote:
Miles Davis [EMAIL PROTECTED] wrote:
Let me step back too, in case I'm on the wrong path. My symptom is
that tokens are disappearing out from under users after a few minutes
in a session. They're not expiring. Running keyctl
On Wed, 4 Apr 2007, Jeffrey Hutzelman wrote:
Without having looked at this in much detail, I'll hazard a guess as to
what's going on. I'll bet the PAG (and thus the key) are created while sshd
is still UID 0,
OpenSSH (at least) calls pam_open_session and pam_setcred while still
running as
Jeffrey Hutzelman [EMAIL PROTECTED] wrote:
It shouldn't get attached to the default session keyring at all, because that
would cause the PAG to be inherited by newly-created sessions for that UID,
wouldn't it?
That's what appeared to be shown in Miles's keyctl show output:
Session
In message [EMAIL PROTECTED],David Howells writes:
That's what appeared to be shown in Miles's keyctl show output:
Session Keyring
-3 --alswrv 0 0 keyring: _uid_ses.0
2 --alswrv 0 0 \_ keyring: _uid.0
29391168 s--v 0 0
I'm not sure that this is a case of make install being deficient,
just a case of it not doing what I wanted...
My system (a fresh install of fedora core 5) needed the following
directories created. (Not creating them lead to mysterious errors
that were almost impossible to track back to a
17 matches
Mail list logo