[OpenAFS] significant delay for afs user to login as root via su
Russ Allbery
rra@stanford.edu
Wed, 17 Mar 2010 14:50:17 -0700
ematlis@yahoo.com writes:
> As another data point, I tried logging in via sudo -i instead of su.
> Here's what happened in /var/log/secure:
> Mar 17 17:36:38 aerogold sudo: pam_unix(sudo-i:auth): authentication failure; logname=ematlis uid=0 euid=0 tty=/dev/pts/0 ruser=ematlis rhost=aerogold.aero.nd.edu user=ematlis
> Mar 17 17:36:38 aerogold sudo: pam_krb5[2407]: authentication succeeds for 'ematlis' (ematlis@ND.EDU)
> Mar 17 17:36:38 aerogold sudo: ematlis : TTY=pts/0 ; PWD=/afs/nd.edu/user12/ematlis ; USER=root ; COMMAND=/bin/bash
> Mar 17 17:36:38 aerogold sudo: (pam_afs_session): pam_sm_setcred: entry (0x2)
> Mar 17 17:36:38 aerogold sudo: (pam_afs_session): skipping tokens, no Kerberos ticket cache
> Mar 17 17:36:38 aerogold sudo: (pam_afs_session): pam_sm_setcred: exit (success)
This isn't comparable because you authenticated with Kerberos, and hence
it ran the pam_afs_session in the auth stack (which then does nothing, as
you can tell, since pam_krb5 hadn't gotten around to creating the Kerberos
ticket cache yet, which it does in the session stack).
There should be a second invocation of both pam_krb5 and pam_afs_session
when the session is opened.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>