Bug#846377: [systemd] /lib/systemd/systemd --user starts dbus-daemon without AFS token
Russ Allbery
rra at debian.org
Wed Nov 30 22:12:53 GMT 2016
Felipe Sateler <fsateler at debian.org> writes:
> On 30 November 2016 at 17:30, Russ Allbery <rra at debian.org> wrote:
>> I don't suppose there's any way to get systemd --user to open a PAM
>> session on behalf of the user before starting to run programs? That
>> would probably solve the problem (although there may still be some
>> complications in making sure it has correct visibility to the Kerberos
>> ticket cache).
> systemd --user does open a pam session (with the systemd-user name).
> Maybe the problem is that libpam-afs-session (is this the right
> module?) registers itself in the common-session include file but
> systemd-user loads only common-session-noninteractive ?
That's the right module. Hm, yeah, it's probably a combination of that
plus the fact that it doesn't know how to find the Kerberos ticket cache
and therefore can't get a token.
It's a little weird to me that systemd --user loads
common-session-interactive and then apparently starts xterms in this
particular situation. Those are kind of interactive. But presumably it's
assuming xterm will open its own interactive session?
Anyway, it certainly could be registered in -noninteractive (there was
some reason why I didn't do that), but I think the Kerberos ticket cache
problem will still be an issue. Is there some mechanism to convey the
value of KRB5CCNAME from the user's login environment to systemd --user?
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-systemd-maintainers
mailing list