[OpenAFS] significant delay for afs user to login as root via su

Russ Allbery rra@stanford.edu
Wed, 17 Mar 2010 14:17:49 -0700

ematlis@yahoo.com writes:

> I added debug to the end of this line in /etc/pam.d/system-auth-ac:

> auth      [default=done]  pam_afs_session.so program=/usr/bin/aklog debug

> However, /var/log/secure does not show any more information that normal.
> Do I need to restart some service to "activate" this change?


Did you also add debug to any invocation of pam_afs_session in the session
stack?  In most configurations you're using the regular UNIX root password
for su, so the auth stack pam_afs_session invocation, which is conditional
on Kerberos authentication normally, never happens.  Only the session
invocation happens.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>