On Tue, Feb 24, 2009 at 07:11:01PM -0800, Russ Allbery wrote:
> david l goodrich <d...@dsrw.org> writes:
> > On Tue, Feb 24, 2009 at 06:49:10PM -0800, Russ Allbery wrote:
> 
> >> The extra high-numbered group won't necessarily show up, since PAGs are
> >> really based on keyrings.  If you run tokens, what is its output?
> >
> > oh, right, sorry.  I am also running `tokens`.  No dice.
> > d...@chaos:~$ tokens
> >
> > Tokens held by the Cache Manager:
> >
> >    --End of list--
> > d...@chaos:~$
> >
> >> keyctl show will also show you the underlying keyring of the PAG.
> >
> > I didn't know about keyctl, so I have no idea if this is a normal
> > case for 'no PAGs':
> >
> > d...@chaos:~$ keyctl show
> > Session Keyring
> > -3: key inaccessible (Function not implemented)
> > d...@chaos:~$ 
> 
> That indicates you have no PAG indeed.  You should normally get something
> like:
> 
> windlord:~> keyctl show
> Session Keyring
>        -3 --alswrv      0     0  keyring: _ses.3882
> 975847253: key inaccessible (Required key not available)
> 
> Hm.  Well, I'm stumped... this works fine for me with OpenSSH and PAM in a
> basically identical configuration, and your system logs say that the AFS
> PAM module thinks everything is working correctly and there are no
> problems.
> 
> I'm not sure what else to try.  Clearly there's something different about
> your system and your configuration that isn't happening on any of my
> systems, but I'm not sure what it could be.

Could it be my ssh config?  I'm really grasping at straws, here.
This bug report was sort of my last resort <grin>

> 
> I assume that if you run pagsh you then have a PAG, and if you run aklog
> inside that shell, you then have a token?

Actually, the keyctl bit looks a bit off:

d...@chaos:~$ pagsh
sh-3.2$ id
uid=1000(dlg) gid=1000(dlg) groups=1000(dlg),1101227443
sh-3.2$ aklog
sh-3.2$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 1000) tokens for a...@dsrw.org [Expires Feb 25 20:11]
   --End of list--
sh-3.2$ keyctl show
Session Keyring
-3: key inaccessible (Function not implemented)
sh-3.2$ exit
exit
d...@chaos:~$ id
uid=1000(dlg) gid=1000(dlg) groups=1000(dlg)
d...@chaos:~$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 1000) tokens for a...@dsrw.org [Expires Feb 25 21:28]
   --End of list--
d...@chaos:~$ keyctl show
Session Keyring
-3: key inaccessible (Function not implemented)
d...@chaos:~$ 

  --david
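
Added example, not written by either poster: the three checks used in this thread (`id`, `keyctl show`, `tokens`) combined into one summary line, run over output copied from the messages above. The function names are hypothetical, and the rule that a group-based PAG is a supplementary gid with top byte 0x41 is an assumption about OpenAFS on Linux, not something stated in the thread.

```sh
# Added example: summarise PAG evidence from captured output of
# `id`, `keyctl show` and `tokens`. Function names are hypothetical.

# Assumption: OpenAFS on Linux marks a group-based PAG with a supplementary
# gid whose top byte is 0x41 ('A'); 1101227443 from the thread is 0x41A365B3.
has_pag_group() {
    list=$(printf '%s\n' "$1" | sed -n 's/.*groups=\([^ ]*\).*/\1/p')
    found=no; old_ifs=$IFS; IFS=,
    for g in $list; do
        gid=${g%%\(*}                       # strip the "(name)" suffix
        case $gid in ''|*[!0-9]*) continue ;; esac
        if [ $((gid >> 24)) -eq 65 ]; then found=yes; fi
    done
    IFS=$old_ifs
    echo "$found"
}

# "Function not implemented" is the ENOSYS error text: the keyctl call
# itself failed, so no session keyring could be inspected.
keyring_state() {
    case $1 in
        *"Function not implemented"*) echo enosys ;;
        *"keyring: _ses"*)            echo session ;;
        *)                            echo unknown ;;
    esac
}

has_token() {
    case $1 in *"tokens for "*) echo yes ;; *) echo no ;; esac
}

pag_report() {  # args: id output, keyctl show output, tokens output
    echo "group_pag=$(has_pag_group "$1") keyring=$(keyring_state "$2") token=$(has_token "$3")"
}

# Sample output copied from the thread (address elided by the archive).
KEYCTL_OUT='Session Keyring
-3: key inaccessible (Function not implemented)'
PAGSH_ID='uid=1000(dlg) gid=1000(dlg) groups=1000(dlg),1101227443'
LOGIN_ID='uid=1000(dlg) gid=1000(dlg) groups=1000(dlg)'
NO_TOKENS='Tokens held by the Cache Manager:
   --End of list--'
PAGSH_TOKENS="Tokens held by the Cache Manager:
User's (AFS ID 1000) tokens for a...@dsrw.org [Expires Feb 25 20:11]
   --End of list--"

echo "pagsh: $(pag_report "$PAGSH_ID" "$KEYCTL_OUT" "$PAGSH_TOKENS")"
echo "login: $(pag_report "$LOGIN_ID" "$KEYCTL_OUT" "$NO_TOKENS")"
```

The "login" case pairs the `id` line without the extra group with the empty token listing quoted earlier in the thread.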


