[OpenAFS] Re: significant delay for afs user to login as root via su

ematlis@yahoo.com ematlis@yahoo.com
Thu, 18 Mar 2010 13:09:23 -0700 (PDT)


Right, I agree with you.=0A=0AI guess my original concern was that the su d=
elay was symptomatic of some larger problem with my AFS or PAM setup.  But =
if it's really only going to happen in the narrow set of circumstances I've=
 outlined, then it's not a critical issue; it's not like many of the AFS ac=
counts will have su access anyway.=0A=0Athanks,=0Aeric=0A=0A--- On Thu, 3/1=
8/10, Andrew Deason <adeason@sinenomine.net> wrote:=0A=0A> From: Andrew Dea=
son <adeason@sinenomine.net>=0A> Subject: [OpenAFS] Re: significant delay f=
or afs user to login as root via su=0A> To: openafs-info@openafs.org=0A> Da=
te: Thursday, March 18, 2010, 2:55 PM=0A> On Thu, 18 Mar 2010 12:42:34 -070=
0=0A> Carson Gaspar <carson@taltos.org>=0A> wrote:=0A> =0A> > ematlis@yahoo=
.com=0A> wrote:=0A> > > That doesn't seem to be working either.=A0=0A> Mayb=
e there is something=0A> > > else going on?=A0 Notice the "X11 connection=
=0A> rejected" error:=0A> > =0A> > So I actually did some testing. Environm=
ent variables=0A> set in .ssh/rc=0A> > are ignored by your login shell. So =
you either need to=0A> set XAUTHORITY=0A> > in .ssh/environment and set Per=
mitUserEnvironment to=0A> yes in=0A> > sshd_config, or you need to set it i=
n your shell login=0A> scripts=0A> > (.bash_profile or whatever).=0A> =0A> =
Or as suggested by Booker Bense, you can set it in=0A> pam_env.conf, which=
=0A> will set it for both the PAM environment and your shell,=0A> won't it?=
=0A> =0A> That approach also makes this work for all users, without=0A> the=
m having to=0A> do something special in their init scripts or .ssh/.=0A> =
=0A> -- =0A> Andrew Deason=0A> adeason@sinenomine.net=0A> =0A> ____________=
___________________________________=0A> OpenAFS-info mailing list=0A> OpenA=
FS-info@openafs.org=0A> https://lists.openafs.org/mailman/listinfo/openafs-=
info=0A> =0A=0A=0A