Bug#485049: marked as done (token loss problems inside a linux-vserver guest)

Wed, 29 Dec 2010 18:36:19 -0800 

Your message dated Thu, 30 Dec 2010 02:33:02 +0000
with message-id <[email protected]>
and subject line Bug#485049: fixed in libpam-afs-session 2.0-1
has caused the Debian Bug report #485049,
regarding token loss problems inside a linux-vserver guest
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
485049: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485049
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libpam-openafs-session
Version: 1.0-7
Severity: important

When logging in on a linux-vserver guest (using debian's linux-vserver
kernels and utilites), libpam-openafs-session does not create a PAG
and does not get tokens for the user.  I believe this did work OK with
the versions of the packages in sarge, but I have not been able to
make it work with etch (as you may notice from the package versions
listed below, I have also tried backporting newer openafs packages
from unstable a couple of times to try to fix this problem - the
problem does exist when using the etch versions of openafs packages as
well).

The same packages with the same configuration are being used on the
host system and other non-vserver systems and those systems do provide
users with PAGs and tokens.

The auth.log contains the following when a user logs in via ssh and does
not get at PAG and a token (I removed date/time/host from the beginning
of each line):

sshd[23136]: (pam_unix) session opened for user kcheek by (uid=0)
sshd[23136]: (pam_krb5): none: pam_sm_setcred: entry (0x2)
sshd[23136]: (pam_krb5): none: no context found, creating one
sshd[23136]: (pam_krb5): kcheek: found initial ticket cache at 
/tmp/krb5cc_pam_ehdDoC
sshd[23136]: (pam_krb5): kcheek: initializing ticket cache 
/tmp/krb5cc_11428_dsEb8E
sshd[23136]: (pam_krb5): kcheek: pam_sm_setcred: exit (success)
sshd[23136]: pam_openafs-krb5: open_session: AFS apparently not available

I'm wondering why the pam module thinks "AFS apparently not available".

Thanks!

-kevin

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-xen-vserver-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libpam-openafs-session depends on:
ii  libc6                 2.3.6.ds1-13etch5  GNU C Library: Shared libraries
ii  libpam-krb5           2.6-1              PAM module for MIT Kerberos
ii  openafs-client        1.4.5~pre2.dfsg1-1 AFS distributed filesystem client
ii  openafs-krb5          1.4.5~pre2.dfsg1-1 AFS distributed filesystem Kerbero

libpam-openafs-session recommends no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: libpam-afs-session
Source-Version: 2.0-1

We believe that the bug you reported is fixed in the latest version of
libpam-afs-session, which is due to be installed in the Debian FTP archive:

libpam-afs-session_2.0-1.debian.tar.gz
  to main/libp/libpam-afs-session/libpam-afs-session_2.0-1.debian.tar.gz
libpam-afs-session_2.0-1.dsc
  to main/libp/libpam-afs-session/libpam-afs-session_2.0-1.dsc
libpam-afs-session_2.0-1_i386.deb
  to main/libp/libpam-afs-session/libpam-afs-session_2.0-1_i386.deb
libpam-afs-session_2.0.orig.tar.gz
  to main/libp/libpam-afs-session/libpam-afs-session_2.0.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russ Allbery <[email protected]> (supplier of updated libpam-afs-session package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 29 Dec 2010 16:28:44 -0800
Source: libpam-afs-session
Binary: libpam-afs-session
Architecture: source i386
Version: 2.0-1
Distribution: experimental
Urgency: low
Maintainer: Russ Allbery <[email protected]>
Changed-By: Russ Allbery <[email protected]>
Description: 
 libpam-afs-session - PAM module to set up a PAG and obtain AFS tokens
Closes: 485049 516864
Changes: 
 libpam-afs-session (2.0-1) experimental; urgency=low
 .
   * New upstream release.
     - If there is no PAG, create a new one and obtain tokens even if the
       module has already run.  Works around destruction of the PAG on
       Linux by keyring initialization PAM modules.
     - pam_close_session now removes module-specific data indicating that
       the module has already run, for better behavior in the rare case of
       opening multiple sessions using the same PAM handle.
     - Log an ignore status properly when debugging is enabled.
   * Add libtest-pod-perl to build dependencies for documentation tests.
   * Document the Linux kernel requirement for keyring support to use AFS
     PAGs properly in README.Debian.  (Closes: #516864)
   * Document the requirement for vserver guests to have access to the
     /proc file used by the OpenAFS cache manager for AFS system calls in
     README.Debian.  (Closes: #485049)
   * Update to debhelper compatibility level V8.
     - Use debhelper rule minimization.
   * Switch to 3.0 (quilt) source format.  Force a single Debian patch and
     include a custom patch header explaining that it is a rollup of any
     fixes cherry-picked from upstream and breaking those patches out
     separately would be work for no gain.
Checksums-Sha1: 
 d7941597a6f8beaca4838009d88dc5033cc3072e 1638 libpam-afs-session_2.0-1.dsc
 307f1a1c71a0f184172a11a173a96fa397104eac 405138 
libpam-afs-session_2.0.orig.tar.gz
 cc9f53fb77355f23dabcf34d743b1d830abcb4fb 8202 
libpam-afs-session_2.0-1.debian.tar.gz
 c03b321ffdf0d67cd2db35ee580c8962e3c1d646 38892 
libpam-afs-session_2.0-1_i386.deb
Checksums-Sha256: 
 c9b921bbfc8c9dd6c1536a5ea50ce72ece78991d594f07cc3619a543236858f6 1638 
libpam-afs-session_2.0-1.dsc
 445ce1b3ce98ac407ac5275d2c3ebeb44b027a823098203f8718eba5d698f3a9 405138 
libpam-afs-session_2.0.orig.tar.gz
 32d1d4e370c28ac394a98e84a5d7a7c6edb4ac2665db6a6101828d7561015dab 8202 
libpam-afs-session_2.0-1.debian.tar.gz
 c9aa4a07c510da68716fc2708bbba64a991383917c43ab43b3538218b668fca2 38892 
libpam-afs-session_2.0-1_i386.deb
Files: 
 70a2736b6eff5559d10e6fe46004c394 1638 admin optional 
libpam-afs-session_2.0-1.dsc
 1fa933ae0388516b9a983a39ee27b930 405138 admin optional 
libpam-afs-session_2.0.orig.tar.gz
 4e0ca25ddbacd79971955b4269a5ba43 8202 admin optional 
libpam-afs-session_2.0-1.debian.tar.gz
 dabf0ac7fb1c8adf5b86aeb4981e4bb8 38892 admin optional 
libpam-afs-session_2.0-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCAAGBQJNG9KKAAoJEH2AMVxXNt510LkH/0WfmjTdAEALc6o6C+4/kdJh
g1n2x/UJIjSngbEbFwEVbOBTXLltPmVV/xRJO3yT4hRGyuamdq0A+Vl7F8URW68C
70e4dinL2Ds4lGEKAwbKvCmF15Nx+zJWhklCmGwj4T1ckTupdOtpaKuxGRbnpsOs
LXz7n19/mjqr/fHcP6SH4wnEKu0uwcvkddmQzlWTJMPVgr8xI1o0l66luZVW9XS8
K4Af4yWARqx+utl6J3BGBvgclPkb4suztoOV8weoA/+9A2Vd8m66Ok4Ky6u/WXZJ
owNc/aHWW3vIXarRLsbACVVhTKB/3ZXi7vz9LJJvjZ3rBV8iyEdE3nDlM5ZIVNs=
=aEFH
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to