david l goodrich <d...@dsrw.org> writes:
> On Tue, Feb 24, 2009 at 06:49:10PM -0800, Russ Allbery wrote:
>> The extra high-numbered group won't necessarily show up, since PAGs are
>> really based on keyrings. If you run tokens, what is its output?
>
> oh, right, sorry. I am also running `tokens`. No dice.
> d...@chaos:~$ tokens
>
> Tokens held by the Cache Manager:
>
> --End of list--
> d...@chaos:~$
>
>> keyctl show will also show you the underlying keyring of the PAG.
>
> I didn't know about keyctl, so I have no idea if this is a normal
> case for 'no PAGs':
>
> d...@chaos:~$ keyctl show
> Session Keyring
> -3: key inaccessible (Function not implemented)
> d...@chaos:~$
That indicates you have no PAG indeed. You should normally get something
like:
windlord:~> keyctl show
Session Keyring
-3 --alswrv 0 0 keyring: _ses.3882
975847253: key inaccessible (Required key not available)
Hm. Well, I'm stumped... this works fine for me with OpenSSH and PAM in a
basically identical configuration, and your system logs say that the AFS
PAM module thinks everything is working correctly and there are no
problems.
I'm not sure what else to try. Clearly there's something different about
your system and your configuration that isn't happening on any of my
systems, but I'm not sure what it could be.
I assume that if you run pagsh you then have a PAG, and if you run aklog
inside that shell, you then have a token?
--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
