The PAG's now are now done via keyctl . The configure of at least
openafss-1.6.21.1 checks this , look for KEYCTL_SESSION_TO_PARENT around
line 23282
But the generated Makefile in src/aklog does not include -lkeyutils ,
there i change to
AKLIBS = -L/opt/krb5/lib -lkrb5 -lk5crypto -lcom_err -lkrb5support
-lkeyutils -lcrypt -lresolv
aklog -setpag then gets a token with a PAG (check with: keyctl show )
Best regards
Rainer
On 06/01/18 04:58, Daria Phoebe Brashear wrote:
On Thu, May 31, 2018 at 11:39 AM, Stephan Wiesand
<stephan.wies...@desy.de <mailto:stephan.wies...@desy.de>> wrote:
Indeed. The SL packaging renames pagsh to pagsh.openafs to avoid
clashes with other software like heimdal providing it.
Regarding aklog, I thought that -setpag was broken on Linux many
years ago.
It was.
The ability to rewrite a parent's state (which is what aklog -setpag
needs) doesn't work
--
Daria Phoebe Brashear
AuriStor, Inc
dariaphoebe.com <http://dariaphoebe.com>
