[7827] in athena10
Re: [Debathena] #928: cluster logins don't get tokens (and fail) on
daemon@ATHENA.MIT.EDU (Debathena Trac)
Mon Jul 11 12:09:46 2011
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@MIT.EDU>
Cc: debathena@mit.edu
To: kaduk@mit.edu, jdreed@mit.edu
Date: Mon, 11 Jul 2011 16:09:38 -0000
Reply-To:
Message-ID: <051.b6f63939e5f3df7f340a60b79b47c284@mit.edu>
In-Reply-To: <042.7ac79809edbb083fbe5282f8331e4fa2@mit.edu>
Content-Transfer-Encoding: 8bit
#928: cluster logins don't get tokens (and fail) on natty---------------------+------------------------------------------------------
Reporter: kaduk | Owner:
Type: defect | Status: new
Priority: blocker | Milestone: Natty Beta
Component: -- | Keywords:
See_also: |
---------------------+------------------------------------------------------
Comment(by jdreed):
Replying to [comment:4 kaduk]:
> So, we can blame the schroot version for the source of the problem, but
will probably still need to use the workaround of inserting KRB5CCNAME
into the PAM environment ourself.
I naively tried this using /etc/security/pam_env.conf and could not
convince PAM to copy KRB5CCNAME into the environment. I did succeed in
setting KRBNAME=$KRB5CCNAME in snapshot-run, and then setting
KRB5CCNAME=$KRBNAME in pam_env.conf, but I still don't end up with tokens.
Not sure what I'm missing. And the "debug" arg for pam_env appears to be
full of lies. Adding an explicit aklog in Xsession.debathena-orig works,
of course, but is wrong.
-- Ticket URL: <http://debathena.mit.edu/trac/ticket/928#comment:5>Debathena <http://debathena.mit.edu/>MIT Debathena Project
