[OpenAFS] significant delay for afs user to login as root via su

[ematlis@yahoo.com]

As another data point, I tried logging in via sudo -i instead of su.  Here'=
s what happened in /var/log/secure:=0A=0AMar 17 17:36:38 aerogold sudo: pam=
_unix(sudo-i:auth): authentication failure; logname=3Dematlis uid=3D0 euid=
=3D0 tty=3D/dev/pts/0 ruser=3Dematlis rhost=3Daerogold.aero.nd.edu  user=3D=
ematlis=0AMar 17 17:36:38 aerogold sudo: pam_krb5[2407]: authentication suc=
ceeds for 'ematlis' (ematlis@ND.EDU)=0AMar 17 17:36:38 aerogold sudo:  emat=
lis : TTY=3Dpts/0 ; PWD=3D/afs/nd.edu/user12/ematlis ; USER=3Droot ; COMMAN=
D=3D/bin/bash=0AMar 17 17:36:38 aerogold sudo: (pam_afs_session): pam_sm_se=
tcred: entry (0x2)=0AMar 17 17:36:38 aerogold sudo: (pam_afs_session): skip=
ping tokens, no Kerberos ticket cache=0AMar 17 17:36:38 aerogold sudo: (pam=
_afs_session): pam_sm_setcred: exit (success)=0A=0A=0A--- On Wed, 3/17/10, =
Russ Allbery <rra@stanford.edu> wrote:=0A=0A> From: Russ Allbery <rra@stanf=
ord.edu>=0A> Subject: Re: [OpenAFS] significant delay for afs user to login=
 as root via su=0A> To: ematlis@yahoo.com=0A> Cc: "Simon Wilkinson" <sxw@in=
f.ed.ac.uk>, openafs-info@openafs.org=0A> Date: Wednesday, March 17, 2010, =
4:22 PM=0A> ematlis@yahoo.com=0A> writes:=0A> =0A> > I added "debug" to the=
 session stack as so:=0A> =0A> > session=A0 =A0=A0=A0required=A0 =A0=0A> =
=A0 pam_afs_session.so program=3D/usr/bin/aklog debug=0A> =0A> > However, l=
ogging in via su only produces this in=0A> /var/log/secure:=0A> =0A> > Mar =
17 17:22:25 aerogold su: pam_unix(su:session):=0A> session opened for user =
root by ematlis(uid=3D86261)=0A> =0A> That would imply that pam_afs_session=
 is never being run,=0A> or that auth.*=0A> logs are actually going somewhe=
re other than=0A> /var/log/secure.=A0 Check your=0A> other log files to see=
 if they're somewhere else.=A0=0A> Failing that,=0A> double-check that su i=
s really using the PAM configuration=0A> that you think=0A> it is.=0A> =0A>=
 -- =0A> Russ Allbery (rra@stanford.edu)=A0=0A> =A0 =A0 =A0 =A0 =A0=A0=A0<h=
ttp://www.eyrie.org/~eagle/>=0A> =0A=0A=0A