OK, did so. But: running "vos examine" in a shell works. If I put the same line 
into a script and call this script on the same shell, it doesn't work and gives 
me this error:

vsu_ClientInit: Could not get afs tokens, running unauthenticated.

-- 
Michael Richter

Technische Universität Berlin
Universitätsbibliothek
IT-Service

Fasanenstraße 88, 10623 Berlin
Telefon: +49 (0)30 314-76310
m.rich...@tu-berlin.de

www.ub.tu-berlin.de


-----Ursprüngliche Nachricht-----
Von: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] Im 
Auftrag von Stephan Wiesand
Gesendet: Donnerstag, 2. Februar 2017 13:01
An: openafs-info@openafs.org
Betreff: Re: [OpenAFS] Check free space on AFS share before login


> On 2 Feb 2017, at 12:43, Richter, Michael <m.rich...@tu-berlin.de> wrote:
> 
> Actually trying... The message comes to the user in LightDM. But I don't have 
> access to the AFS share of the user. I assume it's because pam_exec runs 
> before pam_afs_session:
> 
> -- /etc/pam.d/common-auth
> ~~~
> auth    [success=3 default=ignore]      pam_krb5.so minimum_uid=1000
> auth    [success=2 default=ignore]      pam_unix.so nullok_secure 
> try_first_pass
> 
> # auth against two domains via LDAP
> auth    [success=1 default=ignore]      pam_sss.so use_first_pass 
> 
> auth    requisite                       pam_deny.so
> auth    required                        pam_permit.so
> 
> # mount OwnCloud via webdav
> auth    optional        pam_mount.so 
> 
> auth    optional                        pam_afs_session.so
> auth    optional                        pam_cap.so
> 
> # check free space in AFS
> auth    requisite   pam_exec.so stdout seteuid /opt/check_free.sh
> ~~~
> 
> pam_afs_session is optional because there are users from another domain 
> without an AFS share. The check_free script checks this by itself. I've set 
> it to required too. But still the same. The script doesn't have access to the 
> AFS share. According to the manual of PAM there is no way to set an order.
> 
> Maybe this doesn't work because it's in the PAM process?
> 
> Any hints?

First, let me second Jonathan's objection to produce any output in the common 
pam stack. I'd really really put it into /etc/pam.d/lightdm (right after the 
@include common-auth).

And you don't need read access to the volume root in order to find out. Parsing 
the output of "vos examine -format" should be simple enough.
 
-- 
Stephan Wiesand
DESY -DV-
Platanenallee 6
15738 Zeuthen, Germany



_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to