X2Go Bug report logs - #272
[X2Go-User] Session resume fails with AFS home directories

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Fri, 26 Jul 2013 14:48:01 UTC

Severity: normal

Found in version

Full log

🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#272: [X2Go-User] Session resume fails with AFS home directories
Reply-To: Sebastian Flothow <sebastian.flothow@gip.com>, 272@bugs.x2go.org
Resent-From: Sebastian Flothow <sebastian.flothow@gip.com>
Resent-To: x2go-dev@lists.berlios.de
Resent-CC: X2Go Developers <x2go-dev@lists.berlios.de>
X-Loop: owner@bugs.x2go.org
Resent-Date: Mon, 16 Sep 2013 14:33:01 +0000
Resent-Message-ID: <handler.272.B272.137934156126514@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 272
X-X2Go-PR-Package: x2goserver
Received: via spool by 272-submit@bugs.x2go.org id=B272.137934156126514
          (code B ref 272); Mon, 16 Sep 2013 14:33:01 +0000
Received: (at 272) by bugs.x2go.org; 16 Sep 2013 14:26:01 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
X-Greylist: delayed 508 seconds by postgrey-1.34 at ymir; Mon, 16 Sep 2013 16:26:00 CEST
Received: from hermes.gip.com (hermes.gip.com [])
	by ymir (Postfix) with ESMTP id 915EA5DA79
	for <272@bugs.x2go.org>; Mon, 16 Sep 2013 16:26:00 +0200 (CEST)
Received: from localhost (localhost [])
	by hermes.gip.com (Postfix) with ESMTP id 1BAAE17E8056;
	Mon, 16 Sep 2013 16:17:32 +0200 (CEST)
Received: from hermes.gip.com (localhost [])
	by localhost (AvMailGate- id 19177-WvIBVe;
	Mon, 16 Sep 2013 14:17:32 -0000
Received: from [] (devlin042.gip.local [])
	by hermes.gip.com (Postfix) with ESMTPSA id 154FD17E8056;
	Mon, 16 Sep 2013 16:17:32 +0200 (CEST)
Message-ID: <523712FB.2060200@gip.com>
Date: Mon, 16 Sep 2013 16:17:31 +0200
From: Sebastian Flothow <sebastian.flothow@gip.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: 272@bugs.x2go.org
CC: x2go-user@lists.berlios.de
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiVirus: checked by Avira MailGate (version:; AVE:; VDF:; host: hermes); id=19177-WvIBVe
I did some further testing, and the resume failures are indeed due to 
missing AFS tokens. When suspending a session, the SSH connection is 
closed, sshd will call pam_close_session(), which means that pam_krb5 
and pam_afs_session will delete the user's ticket/token (resp.). The 
session therefore loses access to the home directory and appears to 
freeze up, preventing it from being resumed.

Both pam_krb5 and pam_afs_session accept retain_after_close as a 
parameter, which disables the delete-on-close behavior. With this 
parameter set, it becomes possible to resume sessions, unless the AFS 
token has expired.

This solves at least the case where the user reconnects quickly (eg. 
after a short network outage), but it still means sessions will become 
unresumable when left unused for a few days. I guess the only way to 
avoid this is to not store session data in the home directory. Can X2go 
be configured such that it uses eg. /tmp or /var/lib for this purpose?

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Apr 24 22:49:19 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.