On 8/17/2018 8:44 PM, Prasad K. Dharmasena wrote: > Thanks for the pointer. I did 'dpkg -r dbus-user-session' and > rebooted. Now 'pam-afs-session' does the right thing and obtains a token. > > However, @poettering points out in the systemd/issues/7261 thread, > > Are there any downsides? > > Yes, many. You turned off user service management entirely. Hence > "systemctl --user" and all that stuff won't work anymore.
Prasad, User service management (USM) is incompatible with the creation of a new process authentication group (PAG) for each user login session. USM relies upon the assumption that all processes running with the same UID share the same security context including network authentication tokens. pam_afs_session "nopag" should be used in conjunction with USM. Jeffrey Altman
<<attachment: jaltman.vcf>>
smime.p7s
Description: S/MIME Cryptographic Signature
