[OpenAFS] significant delay for afs user to login as root via su
Wed, 17 Mar 2010 13:54:07 -0700
Simon Wilkinson <email@example.com> writes:
> On 17 Mar 2010, at 20:24, firstname.lastname@example.org wrote:
>> I have noticed a significant delay (30 seconds or more) for a user
>> logged in through an AFS account to open the root account via the
>> command "su". This delay does not happen for a local account. I'm not
>> sure where to start looking for this one. Any ideas?
> Are you using pam_afs_session? We've just discovered that when that is
> enabled in the su stack, becoming root takes a very long time, whether
> or not you have set the minimum_uid or not. The simple solution is to
> not run pam_afs_session in the 'su' stack.
> More investigation is required into what's actually going wrong, but
> nobody here has had a chance to do so yet. Given that just removing
> pam_afs_session from the su stack gives us the behaviour we want, I'm
> not sure how much more investigation we'll end up doing.
> It might be worth speaking to Russ to see if anyone else is seeing this
> problem, or he might chime in here.
I run su all the time on systems that do not use a distinct PAM stack for
su and have pam-afs-session configured, and I've never seen this. (And I
know pam-afs-session is running, since I get a new PAG after I su.)
Could you add "debug" to the end of the pam_afs_session PAM configuration
line and then show me the resulting syslog messages after an su?
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>