Re: [OpenAFS] OpenAFS with GDM in Ubuntu 22.04 (or 20.04)?

2022-08-28 Thread Jeffrey E Altman

On 8/28/2022 3:14 AM, jukka.tuomi...@finndesign.fi wrote:

Hi all,

I wonder if anybody has OpenAFS client working with GDM in Ubuntu 
22.04 (or 20.04)? That is, allowing users to log into their homedirs 
graphically.


The underlying problem is that GDM heavily relies upon processes 
launched as children of "systemd --user" services.  As a result they do 
not share the same session keyring as the child processes of login.   
The "systemd --user" expectation is that all processes executing as a 
"uid" have access to the same authentication credentials whether they be 
local or remote.  In such an environment, AFS Process Authentication 
Groups (PAGs) cannot be created as a side-effect of login.


Modify the pam configuration to disable PAG creation for GDM logins.

If the expectation is that "sshd" logins should be separate from the 
desktop, then "sshd" logins can continue to create a PAG.


Sincerely,

Jeffrey Altman
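The reply above suggests disabling PAG creation for GDM logins while "sshd" logins keep it. The following is an added example, not part of the original message or of OpenAFS: a small audit that reports, per PAM service, whether the AFS session module would create a PAG. It assumes the module is pam_afs_session and that its `nopag` option is what disables PAG creation (the thread names neither); the PAM files are constructed samples.

```python
import re

# Constructed sample PAM files (not from the thread); real ones live in /etc/pam.d.
# Assumption: the module is pam_afs_session and "nopag" disables PAG creation.
SAMPLE_PAM = {
    "common-session": (
        "session required pam_unix.so\n"
        "session optional pam_afs_session.so   # default: new PAG per session\n"
    ),
    "sshd": "@include common-session\n",
    "gdm-password": (
        "session required pam_unix.so\n"
        "session [success=ok default=ignore] pam_afs_session.so nopag\n"
    ),
    "cron": "session required pam_unix.so\n",
}

def session_lines(service, files, seen=None):
    """Yield (module, args) for session entries, following includes once each."""
    seen = seen if seen is not None else set()
    if service in seen or service not in files:
        return
    seen.add(service)
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("@include"):
            yield from session_lines(line.split()[1], files, seen)
            continue
        # type, control (plain word or [bracketed]), module path, arguments
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if not m or m.group(1) != "session":
            continue
        control, module, args = m.group(2), m.group(3), m.group(4).split()
        if control in ("include", "substack"):
            yield from session_lines(module, files, seen)
        else:
            yield module.rsplit("/", 1)[-1], args

def pag_policy(service, files=SAMPLE_PAM):
    """Return 'creates-pag', 'no-pag' or 'no-afs' for one PAM service."""
    result = "no-afs"
    for module, args in session_lines(service, files):
        if module == "pam_afs_session.so":
            if "nopag" not in args:
                return "creates-pag"      # any entry without nopag wins
            result = "no-pag"
    return result

if __name__ == "__main__":
    for svc in ("gdm-password", "sshd", "cron"):
        print(f"{svc:14} {pag_policy(svc)}")
```

To audit a real host, build the `files` mapping from the contents of /etc/pam.d instead of the sample.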






Re: [OpenAFS] OpenAFS with GDM in Ubuntu 22.04 (or 20.04)?

2022-08-28 Thread jukka . tuominen

Thank you Dirk,

sad to hear, but at least I know now not to waste more time banging my 
head against the wall.


SDDM is new to me, I'll look into it.

br, jukka


Dirk Heinrichs wrote 2022-08-28 10:59:

jukka.tuomi...@finndesign.fi:

I wonder if anybody has OpenAFS client working with GDM in Ubuntu 
22.04 (or 20.04)? That is, allowing users to log into their homedirs 
graphically.


You can't. Most of the Gnome stuff nowadays heavily depends on
systemctl --user which doesn't work when $HOME is in /afs (because
systemd starts the systemctl --user separate from the user session and
thus it doesn't get a token at login). Unfortunately, systemd folks
are not willing to fix this nonsense.

SDDM works fine, though.

HTH...

    Dirk

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info


Re: [OpenAFS] OpenAFS with GDM in Ubuntu 22.04 (or 20.04)?

2022-08-28 Thread Dirk Heinrichs

jukka.tuomi...@finndesign.fi:

I wonder if anybody has OpenAFS client working with GDM in Ubuntu 
22.04 (or 20.04)? That is, allowing users to log into their homedirs 
graphically.


You can't. Most of the Gnome stuff nowadays heavily depends on systemctl 
--user which doesn't work when $HOME is in /afs (because systemd starts 
the systemctl --user separate from the user session and thus it doesn't 
get a token at login). Unfortunately, systemd folks are not willing to 
fix this nonsense.


SDDM works fine, though.

HTH...

    Dirk

--
Dirk Heinrichs 
Matrix address: @heini:chat.altum.de
GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049
Privacy Handbuch: https://www.privacy-handbuch.de





Re: [OpenAFS] Limiting mount point to known cells

2022-08-28 Thread Dirk Heinrichs

Ingo van Lil:


git tries to access the directory /afs/.git, and I
see that afsd sends multiple DNS requests to the loopback address
127.0.0.53. Not sure why it does that, it seems to be somehow related to
systemd-resolved in Fedora Linux.


Yes, systemd-resolved provides a local caching DNS server on that 
address and configures /etc/resolv.conf (by symlinking it to its own 
file in /run) to use it.


HTH...

    Dirk

--
Dirk Heinrichs 
Matrix address: @heini:chat.altum.de
GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049
Privacy Handbuch: https://www.privacy-handbuch.de





[OpenAFS] OpenAFS with GDM in Ubuntu 22.04 (or 20.04)?

2022-08-28 Thread jukka . tuominen

Hi all,

I wonder if anybody has OpenAFS client working with GDM in Ubuntu 22.04 
(or 20.04)? That is, allowing users to log into their homedirs 
graphically.


I have an old virtualised setup that still works beautifully, however, 
several OS-version upgrades break it and I haven't been able to build 
one from a new installation either. I've spent so much time googling and 
tweaking without luck. And in addition to having it convenient for the 
users, I'd very much like it to be safe and secure from the administrator's 
point of view. Having the pam settings all over the place doesn't seem 
to be the right path.


I would very much appreciate any pointers to installation steps and/or 
working configurations etc.


br, jukka