Hi On Sun, Feb 05, 2012 at 10:35:08PM +0100, Andreas B. Mundt wrote: > Hi, > > On Sun, Feb 05, 2012 at 05:25:20PM +0100, Giorgio Pioda wrote: > > > > The script executed right after authentication copies the user's > > > Kerberos ticket to the file krb5cc_diskless which is owned by root. > > > This ticket will be picked up by gssd to create the security context > > > needed. However, it's needed to restart autofs, I am not exactly sure > > > why. It looks like autofs caches failures in mounting a directory > > > (which it tries earlier in the login process), and does not try again > > > immediately when the ticket is available. > > > > > > > What about setting a delay in autofs? > > > > How long? I think entering the username triggers autofs (to read the > user's configuration, for example which desktop he want's to start by > default). What if someone takes 15 seconds to enter his password, and > someone else needs only 3 seconds? Only if exactly at the right > moment where pam gives the OK (i.e. the ticket is available) for login > the autofs is triggered it will manage to provide the home directory. > Imediatelly after that the user will have / as home (or might not be > allowed to login on gdm).
It is pam that triggers autofs, I guess. Probably it is possible to construct pam rules in such a way that your script is first executed and only after this step aufofs is called, (either with libpam-script or libpam-exec). I've read around that such an hack has been tested for EduUbuntu (thiny client based), but the guys didn't publish the details. > So I don't think that will work. Did you have any success with the > > verify_ap_req_nofail = false > Yes, but it seems to be false by default. I have to test it again; no success until now. > stuff? > > Best regards, > > Andi > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: http://lists.debian.org/20120205213507.GA6821@flashgordon > > Regards Giorgio -- Sysadmin SPSE-Tenero Ufficio: +41 91 735 62 48 Cellulare: +41 79 629 20 63 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
