OK, did so. But: running "vos examine" in a shell works. If I put the same line into a script and call this script on the same shell, it doesn't work and gives me this error:
vsu_ClientInit: Could not get afs tokens, running unauthenticated. -- Michael Richter Technische Universität Berlin Universitätsbibliothek IT-Service Fasanenstraße 88, 10623 Berlin Telefon: +49 (0)30 314-76310 m.rich...@tu-berlin.de www.ub.tu-berlin.de -----Ursprüngliche Nachricht----- Von: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] Im Auftrag von Stephan Wiesand Gesendet: Donnerstag, 2. Februar 2017 13:01 An: openafs-info@openafs.org Betreff: Re: [OpenAFS] Check free space on AFS share before login > On 2 Feb 2017, at 12:43, Richter, Michael <m.rich...@tu-berlin.de> wrote: > > Actually trying... The message comes to the user in LightDM. But I don't have > access to the AFS share of the user. I assume it's because pam_exec runs > before pam_afs_session: > > -- /etc/pam.d/common-auth > ~~~ > auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 > auth [success=2 default=ignore] pam_unix.so nullok_secure > try_first_pass > > # auth against two domains via LDAP > auth [success=1 default=ignore] pam_sss.so use_first_pass > > auth requisite pam_deny.so > auth required pam_permit.so > > # mount OwnCloud via webdav > auth optional pam_mount.so > > auth optional pam_afs_session.so > auth optional pam_cap.so > > # check free space in AFS > auth requisite pam_exec.so stdout seteuid /opt/check_free.sh > ~~~ > > pam_afs_session is optional because there are users from another domain > without an AFS share. The check_free script checks this by itself. I've set > it to required too. But still the same. The script doesn't have access to the > AFS share. According to the manual of PAM there is no way to set an order. > > Maybe this doesn't work because it's in the PAM process? > > Any hints? First, let me second Jonathan's objection to produce any output in the common pam stack. I'd really really put it into /etc/pam.d/lightdm (right after the @include common-auth). And you don't need read access to the volume root in order to find out. Parsing the output of "vos examine -format" should be simple enough. -- Stephan Wiesand DESY -DV- Platanenallee 6 15738 Zeuthen, Germany _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info