On Mon, Oct 30, 2006 at 08:21:04PM -0500, Jeffrey Hutzelman wrote: > > > On Monday, October 30, 2006 03:50:50 PM -0800 Miles Davis > <[EMAIL PROTECTED]> wrote: > > > > >Using the openafs.org RPM, slightly modified (with fsync patch and > >linux/autoconf.h replacing linux/config.h), aklog -setpag seems to get > >a token, but...doesn't. > > You haven't said what kernel and AFS versions you're using, but I'm going > to bet they're pretty new, since you did say you're running FC6.
Duh, sorry about that. The kernel is 2.6.18-1.2798.fc6, and openafs 1.4.2. > The > -setpag switch uses an AFS system call which violates a basic UNIX design > principle, by allowing the process that calls it (aklog) to modify the > execution environment of its parent (your shell). That mechanism has > always been somewhat ugly, and it's likely that with kernels new enough to > require keyring-based PAG tracking, it has never worked and never will. > What's probably going on here is that aklog's PAG is being changed, but > that of the parent shell is not, so your tokens are being dropped into the > great abyss. Ah, I never understood the mechanism behind it. Thanks for the info. > I'd suggest you stop using -setpag entirely. Instead, consider using > pagsh, which gives you a new shell with a new PAG, along the same lines as > newgrp. That's my plan. I'm not sure why I was using -setpag to begin with (in my pam_aklog module and login scripts), since I already have a pag on login...I must have assumed it was the safe fallback or something. Anyway, I'm loving 1.4.2...the move from fc4 to fc6 is the easiest yet. -- // Miles Davis - [EMAIL PROTECTED] - http://www.cs.stanford.edu/~miles // Computer Science Department - Computer Facilities // Stanford University _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
