Hi, On Tue, 20 Jan 2015, Yvan Masson wrote:
> Hi, > > I'm currently preparing the installation of Debian 8 Jessie (the current > almost stable) workstations in an OpenAFS environment. Users can log in > with theirs AFS credentials. > My problem is that if a user use the "sudo" command, he looses his afs > token. After that, the user can use "aklog" to get a new token. The > Kerberos tickets are not destroyed. I don't use sudo on my debian machines (just su), so I think you may need to clarify a bit more: is sudo being used to run a single command with privilege, or to run an interactive shell (as in sudo -i)? Is only the terminal where sudo was run affected, or are other terminal windows affected as well? > I suppose that I should do someting with PAM, probably > in /etc/pam.d/sudo, but I don't know exactly what. Well, it probably depends on whether the default (uid-based) pag is in use, or a session-specific pag. I think that with jessie's kernel the pag information is stored in the keyring, so 'keyctl show' before and after sudo is run may be helpful. -Ben Kaduk _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
