Your best bet, probably, is to change sudo to not create a PAG. I don't know the magic pam_afs incantation.. Perhaps -no-setpag?
-derek

"Frank Bagehorn" <[EMAIL PROTECTED]> writes:

> Ok, let's try it:
> First case (asks for password):
> [heidegg]/u/fba1$ id
> uid=24642(fba1) gid=202(is) groups=34051,44605,202(is)
> [heidegg]/u/fba1$ sudo su -
> AFS Password:
> [root@heidegg /root]# id
> uid=0(root) gid=0(root)
> >groups=34051,44606,0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),12(mail),224(imnadm),11(news)
>
> Second case:
> [heidegg]/u/fba1$ id
> uid=24642(fba1) gid=202(is) groups=34051,44605,202(is)
> [heidegg]/u/fba1$ sudo su -
> [root@heidegg /root]# id
> uid=0(root) gid=0(root)
> >groups=34051,44605,0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),12(mail),224(imnadm),11(news)
>
> You're right. In the first case one of the magic groups is different, in
> the second case it's not.
>
> Frank
>
> ----------------------------------------------------------------------
> Dr. Frank Bagehorn
> IBM Zurich Research Lab.
> Saeumerstr. 4
> CH-8803 Rueschlikon
> Switzerland
> ----------------------------------------------------------------------
> SMTP: [EMAIL PROTECTED]
> Notes: Frank Bagehorn/Zurich/IBM@IBMCH
> phone: ++41 (01) 724 83 23 fax: ++41 (01) 724 89 59
>
>
>
> Derek Atkins <[EMAIL PROTECTED]>
> 03/27/2002 15:57
> Please respond to Derek Atkins
>
>
> To: Frank Bagehorn/Zurich/IBM@IBMCH
> cc: [EMAIL PROTECTED]
> Subject: Re: [OpenAFS-devel] Get no token when su-ing with sudo
>
>
> It looks like sudo is calling AFS in such a way that when it asks for
> the password it creates a new PAG (but does not refresh the token)
> whereas when sudo does not ask for a password it skips the AFS module
> and therefore does not create a new PAG.
>
> You could verify this theory by calling "id" before and after your sudo
> commands. The first time, where you don't have tokens, I bet the
> PAG-magic-groups will be different, but in the second case, where you
> do still have tokens, I bet they are the same.
>
> -derek
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> [EMAIL PROTECTED] PGP key available

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
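
The before/after "id" comparison suggested in the thread, as an added Python example that is not part of the original messages. It assumes the classic OpenAFS scheme in which the first two supplementary GIDs encode the PAG (the decode is written from that scheme, not from this page); the function names are hypothetical, and the sample lines are the thread's own "id" output with the wrapped groups line rejoined and root's trailing groups shortened.

```python
import re

def parse_groups(id_output):
    """Return the numeric GIDs of the groups= field of `id` output, in order."""
    m = re.search(r"groups=(\S+)", id_output)
    if not m:
        return []
    return [int(re.match(r"\d+", g).group()) for g in m.group(1).split(",")]

def pag_from_groups(g0, g1):
    """Decode a PAG from a GID pair; None when the pair is not a PAG.

    Assumption: classic OpenAFS two-group encoding (not given in the thread).
    """
    if g0 < 0x3F00 or g1 < 0x3F00:
        return None
    g0, g1 = g0 - 0x3F00, g1 - 0x3F00
    if g0 >= 0xC000 or g1 >= 0xC000:
        return None
    low = ((g0 & 0x3FFF) << 14) | (g1 & 0x3FFF)
    high = (g1 >> 14) + 3 * (g0 >> 14)
    pag = ((high << 28) | low) & 0xFFFFFFFF
    # Sanity check: a valid PAG has ASCII 'A' in its top byte.
    return pag if (pag >> 24) == ord("A") else None

def pag_of(id_output):
    """PAG carried by the first two supplementary groups, or None."""
    groups = parse_groups(id_output)
    return pag_from_groups(groups[0], groups[1]) if len(groups) >= 2 else None

def compare(before, after):
    """Classify what happened to the PAG across the sudo call."""
    a, b = pag_of(before), pag_of(after)
    if b is None:
        return "no-pag-after"
    return "same-pag" if a == b else "new-pag"

# Sample input: id output quoted in the thread (wrapped groups line rejoined,
# root's trailing groups shortened).
USER = "uid=24642(fba1) gid=202(is) groups=34051,44605,202(is)"
ROOT_PROMPTED = "uid=0(root) gid=0(root) groups=34051,44606,0(root),1(bin)"
ROOT_CACHED = "uid=0(root) gid=0(root) groups=34051,44605,0(root),1(bin)"

if __name__ == "__main__":
    for label, after in (("password asked", ROOT_PROMPTED), ("no prompt", ROOT_CACHED)):
        print(f"{label}: {compare(USER, after)} (PAG after sudo: {pag_of(after):#x})")
```

A "new-pag" result means the root shell sits in a fresh PAG and cannot see the tokens held in the caller's PAG, which matches the missing-token symptom in the subject line.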