I have no idea what exactly is messing up what part, but we also have home directories on AFS and use the following solution for several years now.
Replace the ExecStart line of the [email protected] with the following script: #!/usr/bin/bash if [ $(id -u %i) -ge 10000 ]; then export KRB5CCNAME=/PATH/TO/CACHE-DEPENDING-ON-$(id -u %i) aklog fi exec /path/to/systemd --user You must use the same fixed Kerberos cache files in PAM, obviously. You should set up a token refresh user service, so that the systemd user session does not die due to missing filesystem access. We also circumvent issues with PAGs by not using them. I would be interested to know, whether this approach works with PAGs. Regards, –Michael _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
