Meant to post here as well... --- On Tue, 3/30/10, [email protected] <[email protected]> wrote:
> From: [email protected] <[email protected]> > Subject: Re: significant delay for afs user to login as root via su > To: "Andrew Deason" <[email protected]> > Date: Tuesday, March 30, 2010, 9:26 AM > Yes, I am at Notre Dame. > > The problems I was having yesterday continue; I can't seem > to find anything that could have triggered it. I'm > re-compiling a kernel; the kernel I was using was built > based on Fedora's latest, minus the IMA security feature but > also with optimizing for the Hammer cpu architecture. > I'm re-compiling to go back to generic x86_64 cpu (while > still not including support for IMA). Part of the > problem symptom is this in my dmesg output: > afs: Lost contact with file server 129.74.223.21 in cell > nd.edu (all multi-homed ip addresses down for the server) > > By the way, adding > > XAUTHORITY > DEFAULT=/tmp/${\$}.Xauthority OVERRIDE=/var/tmp/@{PAM_USER}.Xauthority > > to /etc/security/pam_env.conf just made it impossible for > logins at the console- the screen would go blank after > putting in the password, and then revert back to the login > prompt. > > thanks, > eric > > > However, when I add the > > --- On Tue, 3/30/10, Andrew Deason <[email protected]> > wrote: > > > From: Andrew Deason <[email protected]> > > Subject: Re: significant delay for afs user to login > as root via su > > To: "[email protected]" > <[email protected]> > > Date: Tuesday, March 30, 2010, 12:04 AM > > On Mon, 29 Mar 2010 12:36:57 -0500 > > "[email protected]" > > <[email protected]> > > wrote: > > > > > Thanks for the follow up. I was about to > > implement that suggestion, > > > but I just discovered I'm having some problems > with > > logins. > > > > Sorry for not responding earlier today. It looks like > any > > external email > > to me that came after around noon was delayed until > after > > 5pm today, so > > I didn't see this until after I got off work. > > > > Also, if you post this to openafs-info, you will get > more > > response :) > > There's also a #openafs IRC channel, though I don't > hang > > out there. > > > > By the way, are you the Eric Matlis from U of Notre > Dame, > > by any chance? > > > > > I'm seeing this in my /var/log/messages: > > > > > [...] > > > > > > This is happening with any user that logs in. > > It's taking for ever > > > for their log in process to complete as a > result. > > > > All users, including connecting via SSH? Those look > like > > messages coming > > from console logins (via e.g. GDM). > > > > Anyway, you're not getting tokens on login, or at > least not > > early enough > > in the process. Adding 'debug' to the > pam_afs_session.so > > and the > > pam_krb5.so lines in your 'auth' stack in > system-auth-ac, > > and looking at > > the logs, could help. (I assume your /etc/pam.d/gdm > says to > > include > > stuff from system-auth-ac?) > > > > However, just a guess going by your posted PAM > config... > > you didn't > > happen to create users with local accounts and > passwords as > > well as > > setting them up in kerberos, did you? Users can > > authenticate locally > > successfully, even if kerberos auth fails. If kerberos > auth > > fails, you > > won't have tickets and won't be able to get AFS > tokens. > > > > -- > > Andrew Deason > > [email protected] > > > > > > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
