[7824] in athena10
Re: [Debathena] #928: cluster logins don't get tokens (and fail) on
daemon@ATHENA.MIT.EDU (Debathena Trac)
Sun Jul 10 18:41:58 2011
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@MIT.EDU>
Cc: debathena@mit.edu
To: kaduk@mit.edu, jdreed@mit.edu
Date: Sun, 10 Jul 2011 22:41:49 -0000
Reply-To:
Message-ID: <051.f3dd6b04c4e21f783d2759beec588796@mit.edu>
In-Reply-To: <042.7ac79809edbb083fbe5282f8331e4fa2@mit.edu>
Content-Transfer-Encoding: 8bit
#928: cluster logins don't get tokens (and fail) on natty---------------------+------------------------------------------------------
Reporter: kaduk | Owner:
Type: defect | Status: new
Priority: blocker | Milestone: Natty Beta
Component: -- | Keywords:
See_also: |
---------------------+------------------------------------------------------
Comment(by kaduk):
I was being silly -- the
{{{
D(2): pam_putenv: set KRB5CCNAME=FILE:/tmp/krb5cc_20922_JIjcZi
}}}
line I pasted to zephyr that shows KRB5CCNAME being set in the PAM
environment on a lucid cluster machine is clearly debugging output from
schroot, where schroot itself is setting up a pam environment. In natty's
schroot (1.4.17), this is a "minimal environment" which includes just
HOME, LOGNAME, PATH, SHELL, and USER; the version 1.4.0 in lucid must have
been less minimal, no matter the lack of a changelog entry.
So, we can blame the schroot version for the source of the problem, but
will probably still need to use the workaround of inserting KRB5CCNAME
into the PAM environment ourself.
-- Ticket URL: <http://debathena.mit.edu/trac/ticket/928#comment:4>Debathena <http://debathena.mit.edu/>MIT Debathena Project
