#272 - [X2Go-User] Session resume fails with AFS home directories

X2Go Bug report logs - #272
[X2Go-User] Session resume fails with AFS home directories

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Fri, 26 Jul 2013 14:48:01 UTC

Severity: normal

Found in version 4.0.1.3

Received: (at 272) by bugs.x2go.org; 29 Jul 2013 11:15:56 +0000
From sebastian.flothow@gip.com  Mon Jul 29 13:15:52 2013
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,
	URIBL_BLOCKED autolearn=ham version=3.3.2
X-Greylist: delayed 556 seconds by postgrey-1.34 at ymir; Mon, 29 Jul 2013 13:15:51 CEST
Received: from hermes.gip.com (hermes.gip.com [213.139.134.71])
	by ymir (Postfix) with ESMTP id 5EE5B5DB17
	for <272@bugs.x2go.org>; Mon, 29 Jul 2013 13:15:51 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by hermes.gip.com (Postfix) with ESMTP id 5A9B517E8056;
	Mon, 29 Jul 2013 13:06:42 +0200 (CEST)
Received: from hermes.gip.com (localhost [127.0.0.1])
	by localhost (AvMailGate-3.2.1.26) id 8460-nJ1dK7;
	Mon, 29 Jul 2013 11:06:42 -0000
Received: from [10.0.9.42] (devlin042.gip.local [10.0.9.42])
	by hermes.gip.com (Postfix) with ESMTPSA id 296A017E8056;
	Mon, 29 Jul 2013 13:06:42 +0200 (CEST)
Message-ID: <51F64CBA.8020209@gip.com>
Date: Mon, 29 Jul 2013 13:06:34 +0200
From: Sebastian Flothow <sebastian.flothow@gip.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: 272@bugs.x2go.org, mike.gabriel@das-netzwerkteam.de, 
 x2go-user@lists.berlios.de
Subject: Re: [X2Go-User] Session resume fails with AFS home directories
References: <51F274E2.3070403@gip.com> <20130726164006.17531y7k798urzgm@mail.das-netzwerkteam.de>
In-Reply-To: <20130726164006.17531y7k798urzgm@mail.das-netzwerkteam.de>
Content-Type: multipart/mixed;
 boundary="------------010802030103080004030806"
X-AntiVirus: checked by Avira MailGate (version: 3.2.1.26; AVE: 8.2.12.94; VDF: 7.11.93.160; host: hermes); id=8460-nJ1dK7

[Message part 1 (text/plain, inline)]

Am 26.07.2013 16:40, schrieb Mike Gabriel: > Package: x2goserver > Version: 4.0.1.3 By now it's 4.0.1.6-0~x2go1+wheezy~main~712~build1, but the problem persists. > Is there any environment variable that we have to set before we can > access the home directory of the user? > > My guess is that we have to set at least > > export KRB5CCNAME=??? > > Maybe any other env var for the AFS token? No, that should not be necessary. KRB5CCNAME is set by pam_krb5.so. pam_afs_session.so in turn uses this to obtain an AFS token, then associates it with a new Process Authentication Group. The PAG ID is stored in the group array for the session, i.e. "id" shows an additional artificial group id. In fact this all works flawlessly on initial login, it's only on resume where it fails. It occurs to me now that both KRB5CCNAME and PAG are per-session rather than per-user, so that might be the cause for this problem (but I'm really just guessing here). Is there a detailed description of the resume process? Does it involve any shell scripts or similar I could hook into in order to log additional information? I'm attaching /var/log/user.log as well as the client output from a failed resume attempt, maybe this offers some clues. Thanks, Sebastian

[client.txt (text/plain, attachment)]

[user.log (text/x-log, attachment)]

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 15:32:50 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

X2Go Bug report logs - #272 [X2Go-User] Session resume fails with AFS home directories

X2Go Bug report logs - #272
[X2Go-User] Session resume fails with AFS home directories