[OpenAFS] Re: significant delay for afs user to login as root
via su
Booker Bense
bbense@slac.stanford.edu
Thu, 18 Mar 2010 09:21:13 -0700 (PDT)
On Thu, 18 Mar 2010, Andrew Deason wrote:
>
> I'm actually not sure if this is possible to do correctly (with existing
> ssh, PAM, etc). pam_env.so and ssh's "set-the-environment" functionality
> only take constant strings, from what I can tell. What I think you'd
> want is a pam module that sets an environment variable to something
> involving a bit of randomness (XAUTHORITY=`mktemp
> /tmp/.Xauthority.XXXXXX`), or at the very least incorporates the users's
> uid or username. But I don't think such a module exists.
>
You can do this with the current pam_env on linux based machines
( and solaris and OSX with some hacking... ).
XAUTHORITY DEFAULT=/tmp/${\$}.Xauthority OVERRIDE=/var/tmp/@{PAM_USER}.Xauthority
Basically, you can use anything in the current ENV to set new
ENV variables.
_ Booker C. Bense