On 31.03.2017 at 22:18, Benjamin Kaduk wrote:
> On Thu, Mar 30, 2017 at 03:53:24PM +0200, Andreas Ladanyi wrote:
>> Hi guys,
>>
>> I tested:
>>
>> Ubuntu 16.10, Gnome, Kernel 4.8
>>
>> current OpenAFS 1.6.20 from ppa.
>>
>> After relogin from the screensaver dialog, the Kerberos TGT and AFS service
>> ticket are renewed but the AFS token isn't renewed. There is no
>> "always_aklog" flag at the pam_afs_session.so line in the pam common-auth file.
>>
>> If I try this relogin procedure with OpenAFS 1.6.18 from the distro repo,
>> the AFS token is also renewed.
> Hmm, to have a new afs service ticket obtained (after the new TGT)
> would indicate that pam_afs_session is still running and doing
> something, but presumably failing to actually insert the token into
> the appropriate PAG. Unfortunately, pam_afs_session is mostly
> unmaintained these days (I don't believe that Russ found anyone to
> take it over), so it seems like the most prudent suggestion would be
> to see whether always_aklog helps.
>
> -Ben

Now it seems there is the same problem with 1.6.18 and 1.6.20 on Ubuntu 16.10 (kernel 4.8) .....

In both cases the screensaver calls pam and the pam_afs_session setcred, and setcred is running aklog for the correct AFS user ID. If I run aklog manually in the terminal because the AFS token time is not updated by pam_afs_session, then the token time will be updated.

How is it possible to debug the path from calling pam setcred, running aklog, through to the PAG? Could the PAG and its content be printed to the terminal?

On Ubuntu 14.04, kernel 4.4, there seems to be no problem with 1.6.20.

regards,
Andreas
