On Mar 17, 2010, at 10:52 PM, emat...@yahoo.com wrote:

> My version of Linux is Fedora 12 x86_64. Here is my /etc/pam.d/su:
>
> #%PAM-1.0
> auth sufficient pam_rootok.so
> # Uncomment the following line to implicitly trust users in the "wheel" group.
> #auth sufficient pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the "wheel" group.
> #auth required pam_wheel.so use_uid
> auth include system-auth
> account sufficient pam_succeed_if.so uid = 0 use_uid quiet
> account include system-auth
> password include system-auth
> session include system-auth
> session optional pam_xauth.so
>
> Since pam_afs_session.so is not listed, I'd guess you are right, and that is
> not the source of the delay.
>
> If any other thoughts come to mind, let me know.
>

Maybe it's a problem with xauth and home directory on AFS. The PAM module pam_xauth runs something like

xauth -f /afs/psi.ch/user/g/gsell/.Xauthority nlist pc4506/unix:10.0

but at this moment you don't have write access to your home directory any more:

stat64("/afs/psi.ch/user/g/gsell/.Xauthority-c", 0xbfa96b80) = -1 ENOENT (No such file or directory)
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
open("/afs/psi.ch/user/g/gsell/.Xauthority-c", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({2, 0}, {2, 0}) = 0
write(2, "xauth: timeout in locking autho"..., 79xauth: timeout in locking authority file /afs/psi.ch/user/g/gsell/.Xauthority
) = 79
exit_group(1) = ?

So one call to xauth takes 20 seconds before timing out. The pam_xauth calls xauth more than once ...

Achim

> Thanks,
> eric
>
> --- On Wed, 3/17/10, Russ Allbery <r...@stanford.edu> wrote:
>
>> From: Russ Allbery <r...@stanford.edu>
>> Subject: Re: [OpenAFS] significant delay for afs user to login as root via su
>> To: emat...@yahoo.com
>> Cc: "Simon Wilkinson" <s...@inf.ed.ac.uk>, openafs-info@openafs.org
>> Date: Wednesday, March 17, 2010, 4:48 PM
>> emat...@yahoo.com writes:
>>
>>> Well, there's nothing in /var/log/messages either. As for checking the
>>> PAM configuration for su, can you elaborate? I'm a beginner at this, so
>>> you may have to provide details.
>>
>> I don't know what version of Linux you're using, but as a general rule of
>> thumb, look in /etc/pam.d/su and make sure that it's including your shared
>> PAM configuration that you're thinking you're using and you don't have
>> some other reference to pam_afs_session in there that doesn't have the
>> debug line.
>>
>> Failing that, well, all the evidence so far indicates that pam_afs_session
>> isn't being run at all for su, and hence can't be the source of your
>> problems.
>>
>> --
>> Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/>
>>
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
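
Added example, not part of the original thread: a small parser that finds the pattern shown in the strace output above (a failed exclusive create of a lock file, followed by sleeps and retries) and totals the time lost per lock path. The sample trace, its path and the names find_lock_stalls and report are constructed for illustration.

```python
import re

# Constructed sample in the shape of the strace output quoted in the message
# (hypothetical path; three retries instead of the ten in the real trace).
LOCK = '/afs/example.org/user/a/alice/.Xauthority-c'
RETRY = (
    f'open("{LOCK}", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EACCES (Permission denied)\n'
    'rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0\n'
    'rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0\n'
    'rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0\n'
    'nanosleep({2, 0}, {2, 0}) = 0\n'
)
SAMPLE_TRACE = (
    f'stat64("{LOCK}", 0xbfa96b80) = -1 ENOENT (No such file or directory)\n'
    + RETRY * 3
    + 'write(2, "xauth: timeout in locking autho"..., 79) = 79\nexit_group(1) = ?\n'
)

OPEN_RE = re.compile(r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]+)", ([A-Z_|]+)(?:, \d+)?\)\s+= -1 (E[A-Z]+)')
SLEEP_RE = re.compile(r'^nanosleep\(\{(?:tv_sec=)?(\d+), (?:tv_nsec=)?(\d+)\}')
HINTS = {
    'EACCES': 'caller cannot create files in that directory',
    'EEXIST': 'lock file already exists (stale lock or another xauth running)',
}

def find_lock_stalls(trace):
    """Map each lock path to its failed exclusive-create attempts and time slept."""
    stalls, current = {}, None
    for line in trace.splitlines():
        m = OPEN_RE.match(line)
        if m and {'O_CREAT', 'O_EXCL'} <= set(m.group(2).split('|')):
            current = stalls.setdefault(m.group(1), {'attempts': 0, 'slept': 0.0})
            current['attempts'] += 1
            current['errno'] = m.group(3)
            continue
        m = SLEEP_RE.match(line)
        if m and current is not None:
            current['slept'] += int(m.group(1)) + int(m.group(2)) / 1e9
        elif not line.startswith('rt_sig'):
            current = None  # any other syscall ends the retry loop
    return stalls

def report(trace):
    """One human-readable line per stalled lock path."""
    return [f"{p}: {s['attempts']} failed creates, {s['slept']:.0f}s asleep, "
            f"{s['errno']} ({HINTS.get(s['errno'], 'see errno(3)')})"
            for p, s in find_lock_stalls(trace).items()]

if __name__ == '__main__':
    print('\n'.join(report(SAMPLE_TRACE)))
```

Fed a trace with ten retries of two seconds each, as in the message, it reports 20 seconds asleep for the one lock path.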