On Fri, 9 Oct 2009 13:16:21 -0400 "Daniel Richard G." <[email protected]> wrote:
> > We've seen some odd behavior in some situations when gid and keyring > > PAG tracking are both in use. I've never seen issues with it and > > SSH, though, and if your tokens are lasting longer than 10 minutes, > > that's probably not the problem. > > It's a layer I was unaware of, at least. I'll try looking at the > keyring the next time I get the odd token behavior. Unfortunately, issues relating to this can't really be debugged from userspace. You could try disabling the gid PAG code or the keyring PAG code when building the client, though. You can disable the gid PAG code with the configure option --disable-linux-syscall-probing, though that's not really what it's supposed to be used for. But again, if you're seeing tokens last for several hours, you're not hitting the specific issue I'm thinking of. It's still possible for the gid and keyring PAG stuff to be interacting strangely in ways I haven't seen, though. > Any other ideas as to what kind of poking and prodding I can do when > the AFS token isn't working as it should? I can't think of anything right now that you can look at that would help more. If you're seeing that, something thinks the current time is past your token's expiration time. So, checking the expiration time reported by 'tokens' and looking at the present time on the client and all servers the user may have contacted would be going in the right direction, but if all of that looks correct... Of course, finding patterns helps. If you can narrow it down to the user accessing a specific fileserver, or if tokens always go away N minutes before they are supposed to, or they go away prematurely only if you logged in the previous day, or something like that, that would help. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
