Am 26.07.2013 16:40, schrieb Mike Gabriel: > Package: x2goserver > Version: 4.0.1.3 By now it's 4.0.1.6-0~x2go1+wheezy~main~712~build1, but the problem persists. > Is there any environment variable that we have to set before we can > access the home directory of the user? > > My guess is that we have to set at least > > export KRB5CCNAME=??? > > Maybe any other env var for the AFS token? No, that should not be necessary. KRB5CCNAME is set by pam_krb5.so. pam_afs_session.so in turn uses this to obtain an AFS token, then associates it with a new Process Authentication Group. The PAG ID is stored in the group array for the session, i.e. "id" shows an additional artificial group id. In fact this all works flawlessly on initial login, it's only on resume where it fails. It occurs to me now that both KRB5CCNAME and PAG are per-session rather than per-user, so that might be the cause for this problem (but I'm really just guessing here). Is there a detailed description of the resume process? Does it involve any shell scripts or similar I could hook into in order to log additional information? I'm attaching /var/log/user.log as well as the client output from a failed resume attempt, maybe this offers some clues. Thanks, Sebastian