[91] in athena10
PAM, schroot, and debathenificator
daemon@ATHENA.MIT.EDU (ghudson@MIT.EDU)
Fri Feb 22 00:36:45 2008
Date: Fri, 22 Feb 2008 00:36:01 -0500 (EST)
From: ghudson@MIT.EDU
Message-Id: <200802220536.m1M5a1hK001697@outgoing.mit.edu>
To: athena10@mit.edu
debathenificator runs commands like:
schroot -c "$chroot" -- apt-get -d source "$name"
and expects apt-get to be able to write the results into the current
AFS directory. Unfortunately, that does not work with current schroot
in the default configuration, because it creates a PAM session which
winds up invoking pam_athena_locker which creates a fresh pag with no
tokens in it.
The workaround is to edit /etc/pam.d/schroot, comment out:
@include common-session
and add:
# Basic pam_unix session module in place of common-session.
session required pam_unix.so
If you don't add a dummy session module of some kind, it falls back to
/etc/pam.d/other which winds up invoking pam_athena_locker anyway.
