Hi, On Dec 22, 2010, at 18:40 , Thomas Calderon wrote:
> Hi, > > We are also using Ubuntu 10.04 paired with AFS home dirs and I am facing a > hard problem with Gnome. Opening and closing sessions work flawlessly, but > when users lock their workstation at night, they can't unlock it the > following morning. Of course their TGT and AFS tokens expire overnight, which > is the main cause of the problem. from my experience, it will cause other problems as well. For example, with firefox. The best approach is to prevent the ticket/token from expiring while the user is logged in. > I read in the discussion that a GCONF_LOCAL_LOCKS variable might exist, which > sounded promising but has no effect nowadays. Well, I mentioned that it probably no longer has ;-) > The problem only occurs with Gnome, KDE is fine. I spend many ours trying to > debug this issue. > > The issue is reproductible for me using this approach: > running gnome-screensaver in debug > renew TGT with 10 seconds lifetime and lock > wait 15 minutes -> the GUI is freezed > killing in console gives back the GUI and I can renew TGT in a terminal > > ex: > cd /tmp > apt-get source gnome-screensaver > cd gnome-screensaver-xxx/src/ > sh debug-screensaver.sh (can be tuned to send log to /tmp/xxx.log) > kinit -l 10 [email protected] > > > Any of you could point me in a direction on how to solve this ? I might end > up using xlock or xscreensaver, but I'd prefer to stay close to the "default" > environement. I have no experience with Ubuntu (yet). RHEL (at least 5, 6) comes with something called krb5-auth-dialog that's started with the user's session and will renew the ticket while that's possible. For EL6, we hacked it so that it will run aklog right after and hence get a fresh token as well. (On EL5, we haven't observed the problem you describe, and I'm not even sure it exists on EL6 - we did this to avoid problems with other software - like firefox). If krb5-auth-dialog comes with Ubuntu, it may even be sufficiently recent that it doesn't have to be modified to care for AFS tokens. Recent versions come with a plugin system, and there's a plugin to do just that. Unfortunately, that version can't be built on EL6 - that's already too old... Regards, Stephan -- Stephan Wiesand DESY -DV- Platanenenallee 6 15738 Zeuthen, Germany _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
