No, I do not. And that's with or without the session optional pam_xauth.so
in /etc/pam.d/su, and does not matter if I'm at the machine or logged in remotely. thanks, eric --- On Thu, 3/18/10, Ken Hornstein <k...@cmf.nrl.navy.mil> wrote: > From: Ken Hornstein <k...@cmf.nrl.navy.mil> > Subject: Re: [OpenAFS] significant delay for afs user to login as root via su > To: emat...@yahoo.com > Cc: openafs-info@openafs.org > Date: Thursday, March 18, 2010, 8:48 AM > >Ok, one other data point- I > should have mentioned in the very beginning that > >I'm actually logging into the machine in question > remotely, then issuing > >the su command. This seems to make a > difference. While I THOUGHT the > >problem occurred either way, now I'm finding that if I > actually sit down > >at the machine, log in via AFS, then enter su, there is > no delay (and no > >xauth warning either) regardless of pam_xauth being in > /etc/pam.d/su or not. > >It's only when I ssh to the machine remotely, then try > su that I see a > >delay if the pam_xauth line is in /etc/pam.d/su. > > Okay, that's a bit more data. > > We ran into this problem as well. The root cause of > the delay is that > the pam_xauth module is trying to copy you .Xauthority file > into root's > .Xauthority file ... and to do that it needs to create some > files in your > home directory as part of the .Xauthority locking, and it > can't do that > (because as root it can't read/write your home directory) > and it's > timing out as part of that. > > Try something else. After you su, run "tokens". > Do you get anything > listed? > > Given that it works fine when you log into the console, > what I _think_ > is happening is that you're not getting a PAG when you log > in remotely, > so your UID-based AFS token is not going with you when you > su to root. > > --Ken > _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
