Hi, just one (or three) question(s) out of curiosity :
Why don't you operate on the krb5-ticket-level? Wouldn't that be easier (and more portable to other systems) ? Any specific reason for that ? Christof Andreas Haupt wrote: > Hi Derek, hi Chas, > > On Tue, 20 Mar 2007, chas williams - CONTRACTOR wrote: > >> In message <[EMAIL PROTECTED]>,Andreas >> Haupt write >> s: >>> I can have full access to the PAG environment SGE has created. How can I >>> "transfer" the PAG now to a second "virgin" environment. As an example I >>> have two sessions and I want the second session to be in the same PAG as >>> the first session: >> >> you can't. you will note that the key/pag doesnt allow you to read it. >> this was intentional. i dont know much about SGE. how did qrsh >> (or the shepherd) create the new session keyring? a pam module? > > It's calling pagsh.krb (or any other program you want). > > But ok, I've found the delinquent: pam_keyinit.so. It's configured with > the force flag by default in /etc/pam.d/sshd which removes all existent > sessions. > > session optional pam_keyinit.so force revoke > > Changing it to > > session optional pam_keyinit.so revoke > > does the trick. SGE's PAG environment won't get destroyed any more. Thanks. > > Andreas > _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
