I wonder if I can request following features

1) compact graphic utility which displays time left on token, preferably 
in toolbars or docks.

2) edits of tokenwatch so that it issues a visible alert, like flashing 
background screen, that the token is about to expire, and spawn a 
command like

xterm -e klog

so that the user is given the opportunity to type in the password.

3) If the token does expire, I would like the program like thunderbird 
killed. A script like

#!/bin/csh

foreach  i (  `ps -u aki | grep thunderbird | awk '{print $1}' `)
kill -9  $i;  end

works for me, but it is clearly user dependent because of the use of ps 
-u USERNAME.

This too, if made part of tokenwatch, would be great.

Generally, if tokenwatch can be modified to provide access point, i.e. 
call to some user customizable shell scripts, which runs at something 
like 5-min prior to, and at the expiration of tokens, would be useful as 
needs and issues evolve, at least as far as I am concerned.

A different possible solution Sridhara suggested was to try to make 
thunderbird's cache area not requiring tokens for access (which I 
presume can be done using fs command?) I would like to explore that too 
as this is better than the hack I am suggesting above.

Generally, even without these hacks,  I can manage, as I have written 
several scripts for quickly killing processes and deleting lockfiles. 
But since the goal is to provide stable platform for average users, who 
shouldn't have to look under the hood at the level of PID's and 
dotfiles, can I ask that setting up of a stable desktop environment for 
reasonable range of user habits, including not always closing mail 
reading program, be a priority consideration especially when 
contemplating upgrading default supported OS, and to be in a lookout for 
alternative mail reading program where this AFS issue will not pose a 
problem?

-aki

The SL_firefox_parentlock_fix fix doesn't fix the problem we're
discussing.  It's for a different problem with firefox and AFS.

Aki: it's clear lots of much larger sites have not been abot to fix
this problem so we won't be able to either.  How about you just "klog"
every morning when you come in, and we distribute a "unlock-firefox"
shell script??

steve
--

 > ---- Original Message ----
 > From: rader@ginseng.hep.wisc.edu
 > 
 > Sigh.  The "fix" (SL_firefox_parentlock_fix RPM) doesn't work!  
 > 
 > Removing the lock and .parentlock (like your aliases do) is dangerous
 > because it allows you to run multiple instances of firefox which
 > could in turn corrupt your firefox files.
 > 
 > I've sent an email to the author of the fix asking for advise.  I'll
 > report more later.
 > 
 > steve
 > --
 >

Sigh.  The "fix" (SL_firefox_parentlock_fix RPM) doesn't work!  

Removing the lock and .parentlock (like your aliases do) is dangerous
because it allows you to run multiple instances of firefox which
could in turn corrupt your firefox files.

I've sent an email to the author of the fix asking for advise.  I'll
report more later.

steve
--

Thank you for the message.

I have /usr/local/thunerbird-new/thunderbird and

[aki@beebalm ~]$ which thunderbird
/usr/local/bin/thunderbird

I ran the diagnostic on both.

For the thunderbird-new:

> [aki@beebalm ~]$ /usr/local/thunderbird-new/thunderbird &
> [1] 29086
> [aki@beebalm ~]$ unlog
> [aki@beebalm ~]$ *** glibc detected *** corrupted double-linked list: 
> 0x08e3e5c0 ***
> /usr/local/thunderbird-new/run-mozilla.sh: line 131: 29094 Aborted    
> "$prog" ${1+"$@"}
>
> [1]    Exit 134                      
> /usr/local/thunderbird-new/thunderbird
> [aki@beebalm ~]$ klog
> Password:
> [aki@beebalm ~]$ /usr/local/thunderbird-new/thunderbird &
> [1] 29120


At this point, I get the "thunderbird is already running" error message. 
(Please see attachment). I have a script written now to delete the lock 
files in my alias.

> [aki@beebalm ~]$ alias
> l.      ls -d .* --color=tty
> ll      ls -l --color=tty
> ls      ls --color=tty
> m       more
> mozcl   (rm -rf 
> /afs/hep.wisc.edu/home/aki/.mozilla/firefox/ftfcl6z0.default/lock 
> /afs/hep.wisc.edu/home/aki/.mozilla/firefox/ftfcl6z0.default/.parentlock)
> thcl    (rm -rf 
> /afs/hep.wisc.edu/home/aki/.thunderbird/cmlipscu.default/lock 
> /afs/hep.wisc.edu/home/aki/.thunderbird/cmlipscu.default/.parentlock)
> vi      vim
> [1]    Done                          
> /usr/local/thunderbird-new/thunderbird
> [aki@beebalm ~]$ thcl
> [aki@beebalm ~]$ /usr/local/thunderbird-new/thunderbird &
> [1] 29135

At this point, (after thcl cleared the lock files) the 
/usr/local/thunderbird-new/thunderbird did run. Now for 
/usr/local/bin/thunderbird

> [aki@beebalm ~]$ thunderbird &
> [2] 29156
> [1]    Done                          
> /usr/local/thunderbird-new/thunderbird
> [aki@beebalm ~]$ *** loading the extensions datasource
> *** ExtensionManager:_updateManifests: no access privileges to 
> application directory, skipping.
> *** loading the extensions datasource
> *** ExtensionManager:_updateManifests: no access privileges to 
> application directory, skipping.
>
> [aki@beebalm ~]$ unlog
> [aki@beebalm ~]$ *** glibc detected *** double free or corruption 
> (!prev): 0x09485d90 ***
> /usr/local/thunderbird/run-mozilla.sh: line 159: 29173 
> Aborted                 "$prog" ${1+"$@"}
>
> [2]    Exit 134                      thunderbird
> [aki@beebalm ~]$ klog
> Password:
> [aki@beebalm ~]$ thunderbird &
> [1] 29199
> [aki@beebalm ~]$ /usr/local/thunderbird-new/thunderbird &
> [2] 29225
> [1]    Done                          thunderbird

As you can see, there were strings of error messages, but the clearing 
of the lock-files did not appear to be necessary.

-aki

Hi Aki,

It appears there is conflict between the configuration file
locking scheme used in Firefox and Thunderbird and the AFS locking
implementation.

I've installed a fix for the problem on beebalm.  Can you please
try it out and report back?   You should be able to do...

 thunderbird &
 unlog
 [exit thunderbird]
 klog
 thunderbird &

now.

steve
---


 > ---- Original Message ----
 > From: Akikazu Hashimoto via UW-HEP Help System <help@hep.wisc.edu>
 > 
 > One more diagnostic:
 > 
 > when I "quit" (using the "file" menu) and restart firefox, I get the 
 > error message
 > 
 > "Firefox is already running, but is not responding. To open a new 
 > window, you must first close the existing Firefox process, or restart 
 > your system."
 > 
 > This seems to be an indication that lock files are not handled very well 
 > by firefox, and since both thunderbird and firefox are descendent of 
 > mozilla, there is something related going on.
 > 
 > At the very least, the fact that firefox lock files needs to be deleted 
 > manually is something that I think should be fixed for general usership.
 > 
 > ______________________________________
 > UW-HEP Help System <help@hep.wisc.edu>
 > <https://help.hep.wisc.edu/issue5149>
 > ______________________________________

One more diagnostic:

when I "quit" (using the "file" menu) and restart firefox, I get the 
error message

"Firefox is already running, but is not responding. To open a new 
window, you must first close the existing Firefox process, or restart 
your system."

This seems to be an indication that lock files are not handled very well 
by firefox, and since both thunderbird and firefox are descendent of 
mozilla, there is something related going on.

At the very least, the fact that firefox lock files needs to be deleted 
manually is something that I think should be fixed for general usership.

I don't know if this is necessarily useful, but usually when thunderbird 
hangs, there is a message like this

 *** glibc detected *** malloc(): memory corruption: 0x0058c008 ***

in a terminal where thunderbird was started.

-aki

Yea, the screen locking program doesn't know about AFS tokens,
and we really don't have the resources to add that functionality.

Please run "klog" after you unlock.

steve
--

 > ---- Original Message ----
 > From: Akikazu Hashimoto via UW-HEP Help System <help@hep.wisc.edu>
 > 
 > Thank you for the input, Sridhara,
 > 
 > I do think the machine gets locked automatically when it is idle, but 
 > the typing of the password does not seem to reactivate the token. 
 > Coupling the two would be a viable solution as far as I am concerned.
 > 
 > -aki
 > 
 > Sridhara Dasu wrote:
 > > Dear Aki,
 > >
 > > The problem is not that computers are unable to handle the situation.
 > > It is just that humans have declared that tokens should expire on
 > > a regular basis.  The only way to renew the token is to authenticate
 > > by typing the password again.  The idea is that a person who snoops
 > > into your office during your long absence can steal some of your
 > > privileges.  To be safe one should lock/unlock every time one leaves
 > > the machine!  I think making tokens of 24 hours validity is a
 > > compromise that was imposed on us.  I think making the tokens last
 > > any longer is not very productive.  My suggestion is to lock the
 > > screen automatically, and make the screen unlocking, which requires
 > > typing in password, automatically acquire a token.
 > >
 > > Sridhara
 > >
 > > ---------------------------------------------------------------------
 > > Prof. Sridhara Rao Dasu                         Department of Physics
 > > dasu@hep.wisc.edu                             University of Wisconsin
 > > http://www.hep.wisc.edu/~dasu                    4289 Chamberlin Hall
 > > 608-262-3678 ( Office )                        1150 University Avenue
 > > 408-829-6625 (Wireless)                        Madison, WI 53706, USA
 > >
 > >
 > > On Mar 10, 2008, at 11:17 AM, Akikazu Hashimoto via UW-HEP Help System 
 > > wrote:
 > >
 > >>
 > >> Thanks for the reply.
 > >>
 > >> I consider mail client as a program which runs in the background. I am
 > >> not engaged in it actively all the time, but respond to alerts. Since
 > >> situations of being away from the desk/office happens quite
 > >> intermittently in a typical day, paying attention to closing the
 > >> application every time (or paying attention to when the AFS token are
 > >> likely to expire) seems like unnecessary user involvement on something
 > >> which computers are otherwise very good at handling.
 > >>
 > >> -aki
 > >>
 > >> ----------
 > >> status: resolved -> chatting
 > >>
 > >> ______________________________________
 > >> UW-HEP Help System <help@hep.wisc.edu>
 > >> <https://help.hep.wisc.edu/issue5149>
 > >> ______________________________________
 > >
 > 
 > ______________________________________
 > UW-HEP Help System <help@hep.wisc.edu>
 > <https://help.hep.wisc.edu/issue5149>
 > ______________________________________

Thank you for the input, Sridhara,

I do think the machine gets locked automatically when it is idle, but 
the typing of the password does not seem to reactivate the token. 
Coupling the two would be a viable solution as far as I am concerned.

-aki

Sridhara Dasu wrote:
> Dear Aki,
>
> The problem is not that computers are unable to handle the situation.
> It is just that humans have declared that tokens should expire on
> a regular basis.  The only way to renew the token is to authenticate
> by typing the password again.  The idea is that a person who snoops
> into your office during your long absence can steal some of your
> privileges.  To be safe one should lock/unlock every time one leaves
> the machine!  I think making tokens of 24 hours validity is a
> compromise that was imposed on us.  I think making the tokens last
> any longer is not very productive.  My suggestion is to lock the
> screen automatically, and make the screen unlocking, which requires
> typing in password, automatically acquire a token.
>
> Sridhara
>
> ---------------------------------------------------------------------
> Prof. Sridhara Rao Dasu                         Department of Physics
> dasu@hep.wisc.edu                             University of Wisconsin
> http://www.hep.wisc.edu/~dasu                    4289 Chamberlin Hall
> 608-262-3678 ( Office )                        1150 University Avenue
> 408-829-6625 (Wireless)                        Madison, WI 53706, USA
>
>
> On Mar 10, 2008, at 11:17 AM, Akikazu Hashimoto via UW-HEP Help System 
> wrote:
>
>>
>> Thanks for the reply.
>>
>> I consider mail client as a program which runs in the background. I am
>> not engaged in it actively all the time, but respond to alerts. Since
>> situations of being away from the desk/office happens quite
>> intermittently in a typical day, paying attention to closing the
>> application every time (or paying attention to when the AFS token are
>> likely to expire) seems like unnecessary user involvement on something
>> which computers are otherwise very good at handling.
>>
>> -aki
>>
>> ----------
>> status: resolved -> chatting
>>
>> ______________________________________
>> UW-HEP Help System <help@hep.wisc.edu>
>> <https://help.hep.wisc.edu/issue5149>
>> ______________________________________
>

Dear Aki,

The problem is not that computers are unable to handle the situation.
It is just that humans have declared that tokens should expire on
a regular basis.  The only way to renew the token is to authenticate
by typing the password again.  The idea is that a person who snoops
into your office during your long absence can steal some of your
privileges.  To be safe one should lock/unlock every time one leaves
the machine!  I think making tokens of 24 hours validity is a
compromise that was imposed on us.  I think making the tokens last
any longer is not very productive.  My suggestion is to lock the
screen automatically, and make the screen unlocking, which requires
typing in password, automatically acquire a token.

Sridhara

---------------------------------------------------------------------
Prof. Sridhara Rao Dasu                         Department of Physics
dasu@hep.wisc.edu                             University of Wisconsin
http://www.hep.wisc.edu/~dasu                    4289 Chamberlin Hall
608-262-3678 ( Office )                        1150 University Avenue
408-829-6625 (Wireless)                        Madison, WI 53706, USA


On Mar 10, 2008, at 11:17 AM, Akikazu Hashimoto via UW-HEP Help System  
wrote:

>
> Thanks for the reply.
>
> I consider mail client as a program which runs in the background. I am
> not engaged in it actively all the time, but respond to alerts. Since
> situations of being away from the desk/office happens quite
> intermittently in a typical day, paying attention to closing the
> application every time (or paying attention to when the AFS token are
> likely to expire) seems like unnecessary user involvement on something
> which computers are otherwise very good at handling.
>
> -aki
>
> ----------
> status: resolved -> chatting
>
> ______________________________________
> UW-HEP Help System <help@hep.wisc.edu>
> <https://help.hep.wisc.edu/issue5149>
> ______________________________________

Thanks for the reply.

I consider mail client as a program which runs in the background. I am 
not engaged in it actively all the time, but respond to alerts. Since 
situations of being away from the desk/office happens quite 
intermittently in a typical day, paying attention to closing the 
application every time (or paying attention to when the AFS token are 
likely to expire) seems like unnecessary user involvement on something 
which computers are otherwise very good at handling.

-aki

Hi Aki,

A doctor would say: if it hurts, then don't do it!

I think it's reasonable to have you to exit Thunderbird when you're
not using it.  Is there some reason why that's not a reasonable
expectation?

steve
--

 > ---- Original Message ----
 > From: Akikazu Hashimoto via UW-HEP Help System <help@hep.wisc.edu>
 > 
 > I have been using the new version of thunderbird which you inistalled 
 > for me, and I would like to report that the program continues to 
 > systematically hang when the AFS token expires.  It often requires 
 > manually killing the process and manually deleting file locks which are 
 > dot files.  While I can handle these problems as they occur, they are 
 > quite annoying. I imagine that digging for file locks are beyond what 
 > can be expected for general usership either. So I would like to request 
 > a more systematic solution. (possibly including finding an alternative 
 > default mail client recommended for the physics/hep afs community.
 > 
 > -aki
 > 
 > rader@ginseng.hep.wisc.edu wrote:
 > >  > >Re thunderbird: the version on the HEP cluster is three
 > >  > >years old!  How about I install the latest "off to the side"
 > >  > >on beebalm and you check into the "hangs hard when token 
 > >  > >expires" problem?
 > >  > >
 > >  > >steve
 > >  > >--
 > >   
 > >  > that sounds like a good idea.
 > >
 > > Okay, I put thunderbird 2.0.0.9 (released yesterday!) on beebalm.
 > > Please try...
 > >
 > >  /usr/local/thunderbird-new/thunderbird &
 > >  [...]
 > >  unlog
 > >  [...]
 > >  klog
 > >
 > > ...and report back?
 > >
 > > Thanks.
 > >
 > > steve
 > > --
 > >
 > >
 > 
 > ----------
 > group: IT
 > messages: 13768
 > nosy: ajit, dan, dasu, hashimoto, rader, radtke, wcmaier
 > priority: triage
 > status: unread
 > title: thunderbird and tokens
 > 
 > ______________________________________
 > UW-HEP Help System <help@hep.wisc.edu>
 > <https://help.hep.wisc.edu/issue5149>
 > ______________________________________

I have been using the new version of thunderbird which you inistalled 
for me, and I would like to report that the program continues to 
systematically hang when the AFS token expires.  It often requires 
manually killing the process and manually deleting file locks which are 
dot files.  While I can handle these problems as they occur, they are 
quite annoying. I imagine that digging for file locks are beyond what 
can be expected for general usership either. So I would like to request 
a more systematic solution. (possibly including finding an alternative 
default mail client recommended for the physics/hep afs community.

-aki

rader@ginseng.hep.wisc.edu wrote:
>  > >Re thunderbird: the version on the HEP cluster is three
>  > >years old!  How about I install the latest "off to the side"
>  > >on beebalm and you check into the "hangs hard when token 
>  > >expires" problem?
>  > >
>  > >steve
>  > >--
>   
>  > that sounds like a good idea.
>
> Okay, I put thunderbird 2.0.0.9 (released yesterday!) on beebalm.
> Please try...
>
>  /usr/local/thunderbird-new/thunderbird &
>  [...]
>  unlog
>  [...]
>  klog
>
> ...and report back?
>
> Thanks.
>
> steve
> --
>
>