[OpenAFS] Re: significant delay for afs user to login as root via su
Andrew Deason
adeason@sinenomine.net
Thu, 18 Mar 2010 10:55:39 -0500

On Thu, 18 Mar 2010 10:38:18 -0400
Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
> - Assuming you're using ssh (I am guessing that you are), convince
> sshd to write your Xauthority information somewhere else, like a
> file in /tmp (and make sure your XAUTHORITY environment variable is
> correct). I would guess this is possible, but I don't know if
> there's an easy way to do it.

I'm actually not sure if this is possible to do correctly (with existing
ssh, PAM, etc). pam_env.so and ssh's "set-the-environment" functionality
only take constant strings, from what I can tell. What I think you'd
want is a pam module that sets an environment variable to something
involving a bit of randomness (XAUTHORITY=`mktemp
/tmp/.Xauthority.XXXXXX`), or at the very least incorporates the user's
uid or username. But I don't think such a module exists.

Anyone want to write it? :) It would basically be a call to mkstemp()
and setting an environment var. This could also solve the problem Doug
Engert's pam_krb5_ccache.so module solves on Solaris, I think.

--
Andrew Deason
adeason@sinenomine.net
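
The module sketched in this message, reduced to its mkstemp()-and-environment-string core, as an added example that is not part of the original post or of any existing PAM module. `make_xauthority_env` is a hypothetical name; handing the string to pam_putenv() from pam_sm_open_session() is an assumption and is left out so the code builds without PAM headers.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/*
 * Hypothetical helper: create a private, unpredictably named file in /tmp
 * for the session user and write "XAUTHORITY=<path>" into env.
 * Returns 0 on success, -1 on error (no file is left behind on error).
 * Assumption: a PAM session hook would pass env to pam_putenv().
 */
int make_xauthority_env(uid_t uid, gid_t gid, char *env, size_t envlen)
{
    char path[64];
    int fd, n;

    /* The uid makes the owner obvious; XXXXXX supplies the randomness. */
    n = snprintf(path, sizeof(path), "/tmp/.Xauthority.%lu.XXXXXX",
                 (unsigned long)uid);
    if (n < 0 || (size_t)n >= sizeof(path))
        return -1;

    /* mkstemp() creates the file exclusively, so a file or symlink
     * planted in /tmp beforehand is never opened or reused. */
    fd = mkstemp(path);
    if (fd < 0)
        return -1;

    /* Force mode 0600 rather than relying on the libc default. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
        goto fail;
    /* A PAM module runs as root: hand the file to the session user.
     * Skipped when we already own it, so this also runs unprivileged. */
    if (uid != geteuid() && fchown(fd, uid, gid) != 0)
        goto fail;

    n = snprintf(env, envlen, "XAUTHORITY=%s", path);
    if (n < 0 || (size_t)n >= envlen)
        goto fail;
    close(fd);
    return 0;
fail:
    close(fd);
    unlink(path);
    return -1;
}
```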