[OpenAFS] significant delay for afs user to login as root via su
Achim Gsell
achim.gsell@psi.ch
Thu, 18 Mar 2010 14:14:23 +0100
On Mar 18, 2010, at 1:59 PM, Harald Barth wrote:
>=20
>> I'm not sure I see the value of putting a file that's part of a
>> distributed network filesystem in a local directory.
>=20
> First: The .Xauthority file is only used locally on your machine, why
> would you need it in AFS?
You don't need it on AFS. It's just the default location where =
pam_xauth stores it and no option is available to change this. The only =
solution (I see) is to write a xauth-wrapper, which can be passed to the =
pam_xauth via xauthpath=3D/path/to/xauth.
>=20
> Second: If we now can agree that .Xauthority does not need to be in
> AFS, why not put it in /tmp and get better security? If /tmp is a
> memory file system, the better.
Correct!
Achim