Arne Nordmark <[EMAIL PROTECTED]> writes: > Package: openafs-modules-source > Version: 1.4.2-2 > Severity: normal
> aklog -setpag no longer works with the kernel module from 1.4.2-2. This > breaks libpam-openafs-session, so users no longer get token upon login. Unfortunately, this was an intentional upstream change and it may not be possible to restore this behavior safely. Apparently the intrusive manipulation of the Linux kernel required to add one's parent process to a new group is nasty enough that it was causing race conditions and was becoming hard to maintain. It's also a disgusting hack that the kernel developers are never going to want to support. Writing a new AFS PAM module that doesn't require this hack is at the top of my priority list, and I will do what I can to get a fix for this into etch, probably by teaching libpam-openafs-session how to create the PAG itself directly. This is hard to do in general, but on Linux with a current OpenAFS client the interface via /proc/fs/openafs/afs_ioctl is simple enough that we may be able to use it directly as a workaround until we have a more general solution. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
