Is it possible (and it may be more general) to use kswitch ?
Something like:
#!/usr/bin/bash
if [ $(id -u %i) -ge 10000 ]; then
kswitch -p $(id -u %i)
aklog
fi
exec /path/to/systemd --user
Giovanni
On 06/06/23 13:38, [email protected] wrote:
I have no idea what exactly is messing up what part, but we also have home
directories on AFS and use the following solution for several years now.
Replace the ExecStart line of the [email protected] with the following script:
#!/usr/bin/bash
if [ $(id -u %i) -ge 10000 ]; then
export KRB5CCNAME=/PATH/TO/CACHE-DEPENDING-ON-$(id -u %i)
aklog
fi
exec /path/to/systemd --user
You must use the same fixed Kerberos cache files in PAM, obviously.
You should set up a token refresh user service, so that the systemd user
session does not die due to missing filesystem access.
We also circumvent issues with PAGs by not using them. I would be interested to
know, whether this approach works with PAGs.
Regards,
–Michael
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Giovanni Bracco
phone +39 351 8804788
E-mail [email protected]
WWW http://www.afs.enea.it/bracco
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
