
Problem with AFS token and sudo in Jessie




Dear all,

I'm using Debian jessie with openAFS and Kerberos. I found a strange
behaviour that I could not pin down to a single package so far, maybe
somebody has any ideas:

The AFS token is gone after using sudo, first looking very
similar to the (solved) bug #621496 from 2011. After each sudo command,
one needs to use "aklog" to get a new AFS token.

Yet, I suspect that the bug is different from the 2011 one:

First, it not only happens for passwordless sudo, but also when the
user is forced to enter the password.

Second, I have a PC running with Jessie that does not show this bug -
this Jessie wasn't upgraded for some time (around September 2014).
Another PC which is up-to-date shows this bug, as well as a new
installation I did recently (which is also up-to-date). The config
files or our Kerberos/AFS setup did not change since I set up this PC,
only the packages were upgraded with apt-get. The problem now is: The
version of the libpam-afs-session package is the same in the working
and the non-working image.

In addition, I selectively upgraded the openafs-krb5 and the
openafs-client as well as openafs-modules-dkms to the most recent
version in Jessie (the "starting point" see below). This did not
introduce the bug - sudo is still working as intended.

Since I'm not too familiar with AFS/Kerberos/PAM I decided to ask you if
you have any ideas what I could try to pin down the reason for this? Any
packages to upgrade to see if they are responsible for this?

If I should provide more details / config files / information, please
let me know. I'll see if I find the time to do a test setup with sid
to check the newest version of the packages, but maybe my problem is
far easier and somebody knows what to do.

Best regards,
Christoph Schober



The following versions are from the (older) working image before
starting selective upgrades:
 ----
 Versions of packages openafs-krb5 depends on:
 ii  libc6         2.18-7
 ii  libcomerr2    1.42.10-1
 ii  libk5crypto3  1.12.1+dfsg-1
 ii  libkrb5-3     1.12.1+dfsg-1

 oo  openafs-client 1.6.7-1
 oo  openafs-krb5   1.6.7-1

 Linux version 3.14-1-amd64 (debian-kernel@lists.debian.org) (gcc
version 4.8.2 (Debian 4.8.2-21) ) #1 SMP Debian 3.14.4-1 (2014-05-13)
 ----

@@@@@@@
The information collected by reportbug when I thought to report the bug
to the openafs-krb5 package:

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openafs-krb5 depends on:
ii  libc6         2.19-13
ii  libcomerr2    1.42.12-1
ii  libk5crypto3  1.12.1+dfsg-15
ii  libkrb5-3     1.12.1+dfsg-15


-- 
Christoph Schober
GnuPG key Id 0x3B6914EB

