In message [EMAIL PROTECTED],David Howells writes:
Session Keyring
-3 --alswrv 0 0 keyring: _uid_ses.0
2 --alswrv 0 0 \_ keyring: _uid.0
29391168 s--v 0 0 \_ afs_pag: _pag
What I'm pointing out in the above key ring dump is
chas williams - CONTRACTOR [EMAIL PROTECTED] wrote:
i dont have read or update ops now. i dont think this would be sufficient
since the afs_pag key type still has to have an instantiate op which
the user could call. i dont want users creating session keyrings and
arbitrary pags trying to
On Fri, Mar 09, 2007 at 08:34:27PM -0800, Miles Davis wrote:
On Fri, Mar 09, 2007 at 05:22:04PM -0500, chas williams - CONTRACTOR wrote:
i dont know much about imapd. is it afs aware itself or is it relying
on the pam module? only the children of the process that called setpag()
will be
On 4/4/07, Miles Davis [EMAIL PROTECTED] wrote:
OK, I've learned a bit about the kernel key management, and part of my
problem is the key quota. Anybody know offhand how to modify that?
I've been looking for the past hour or so and still can't find
anything...
AFAIK, the only way I know of
On Wed, Apr 04, 2007 at 12:25:31PM -0400, Kevin Coffman wrote:
On 4/4/07, Miles Davis [EMAIL PROTECTED] wrote:
OK, I've learned a bit about the kernel key management, and part of my
problem is the key quota. Anybody know offhand how to modify that?
I've been looking for the past hour or so
On 4/4/07, Miles Davis [EMAIL PROTECTED] wrote:
On Wed, Apr 04, 2007 at 12:25:31PM -0400, Kevin Coffman wrote:
On 4/4/07, Miles Davis [EMAIL PROTECTED] wrote:
OK, I've learned a bit about the kernel key management, and part of my
problem is the key quota. Anybody know offhand how to modify
Miles Davis [EMAIL PROTECTED] wrote:
OK, I've learned a bit about the kernel key management, and part of my
problem is the key quota. Anybody know offhand how to modify that?
I've been looking for the past hour or so and still can't find
anything...
The key quota is currently fixed, but
Miles Davis [EMAIL PROTECTED] wrote:
Let me step back too, in case I'm on the wrong path. My symptom is
that tokens are disappearing out from under users after a few minutes
in a session. They're not expiring. Running keyctl show after ssh
login shows that my keying is uid 0, but I don't
Kevin Coffman [EMAIL PROTECTED] wrote:
This may or may not be related to the problem you are seeing, but keys
have an expiration that is separate from token expiration. Perhaps
something to look at.
That's unlikely to be the problem for two reasons:
(1) You have to explicitly set the
On Wednesday, April 04, 2007 06:07:46 PM +0100 David Howells
[EMAIL PROTECTED] wrote:
How's the afs_pag key getting allocated? Is it by a PAM module?
No; it gets allocated by AFS as part of the setpag operation. Of course,
the setpag may be being called by a PAM module, but that should
Jeffrey Hutzelman [EMAIL PROTECTED] wrote:
No; it gets allocated by AFS as part of the setpag operation. Of course, the
setpag may be being called by a PAM module, but that should be fairly
irrelevant.
Without having looked at this in much detail, I'll hazard a guess as to what's
going
That's not a good solution. The afs_pag gets attached to the root user's
default session keyring, displacing any afs_pag that was previously there.
What does the setpag code look like?
It's in setpag() in src/afs/LINUX/osi_group.c,
On Wednesday, April 04, 2007 08:33:34 PM +0100 David Howells
[EMAIL PROTECTED] wrote:
That'd be my bet too. I suspect that the PAM module (if that's what it
is) that issued setpag occurs before the pam_keyinit PAM module also.
Oh, hm. That's not good. We may find ourselves back in
On Wed, Apr 04, 2007 at 06:07:46PM +0100, David Howells wrote:
Miles Davis [EMAIL PROTECTED] wrote:
Let me step back too, in case I'm on the wrong path. My symptom is
that tokens are disappearing out from under users after a few minutes
in a session. They're not expiring. Running keyctl
On Wed, 4 Apr 2007, Jeffrey Hutzelman wrote:
Without having looked at this in much detail, I'll hazard a guess as to
what's going on. I'll bet the PAG (and thus the key) are created while sshd
is still UID 0,
OpenSSH (at least) calls pam_open_session and pam_setcred while still
running as
Jeffrey Hutzelman [EMAIL PROTECTED] wrote:
It shouldn't get attached to the default session keyring at all, because that
would cause the PAG to be inherited by newly-created sessions for that UID,
wouldn't it?
That's what appeared to be shown in Miles's keyctl show output:
Session
In message [EMAIL PROTECTED],David Howells writes:
That's what appeared to be shown in Miles's keyctl show output:
Session Keyring
-3 --alswrv 0 0 keyring: _uid_ses.0
2 --alswrv 0 0 \_ keyring: _uid.0
29391168 s--v 0 0
Well, I may have screwed myself this time. I tested out uw-imap + fc6
(2.6.19-1.2895.fc6) + openafs 1.4.2 and it seemed to work fine, so I
proceeded with other upgrades, and I was sorely wrong. :(
imapd sometimes can't see files/folders in user home dirs (afs). The
behaviour is odd -- seems
i dont know much about imapd. is it afs aware itself or is it relying
on the pam module? only the children of the process that called setpag()
will be inside the pag.
/proc/key-users will tell you who has key rings and how many. i dont
know how to peek inside them.
In message [EMAIL
On Fri, Mar 09, 2007 at 05:22:04PM -0500, chas williams - CONTRACTOR wrote:
i dont know much about imapd. is it afs aware itself or is it relying
on the pam module? only the children of the process that called setpag()
will be inside the pag.
Totally relying on pam. This setup worked on FC4
20 matches