[OpenAFS] significant delay for afs user to login as root via su
ematlis@yahoo.com
ematlis@yahoo.com
Wed, 17 Mar 2010 14:52:09 -0700 (PDT)
My version of Linux is Fedora 12 x86_64. Here is my /etc/pam.d/su:=0A=0A#%=
PAM-1.0=0Aauth=09=09sufficient=09pam_rootok.so=0A# Uncomment the following =
line to implicitly trust users in the "wheel" group.=0A#auth=09=09sufficien=
t=09pam_wheel.so trust use_uid=0A# Uncomment the following line to require =
a user to be in the "wheel" group.=0A#auth=09=09required=09pam_wheel.so use=
_uid=0Aauth=09=09include=09=09system-auth=0Aaccount=09=09sufficient=09pam_s=
ucceed_if.so uid =3D 0 use_uid quiet=0Aaccount=09=09include=09=09system-aut=
h=0Apassword=09include=09=09system-auth=0Asession=09=09include=09=09system-=
auth=0Asession=09=09optional=09pam_xauth.so=0A=0ASince pam_afs_session.so i=
s not listed, I'd guess you are right, and that is not the source of the de=
lay.=0A=0AIf any other thoughts come to mind, let me know.=0A=0AThanks,=0Ae=
ric=0A=0A--- On Wed, 3/17/10, Russ Allbery <rra@stanford.edu> wrote:=0A=0A>=
From: Russ Allbery <rra@stanford.edu>=0A> Subject: Re: [OpenAFS] significa=
nt delay for afs user to login as root via su=0A> To: ematlis@yahoo.com=0A>=
Cc: "Simon Wilkinson" <sxw@inf.ed.ac.uk>, openafs-info@openafs.org=0A> Dat=
e: Wednesday, March 17, 2010, 4:48 PM=0A> ematlis@yahoo.com=0A> writes:=0A>=
=0A> > Well, there's nothing in /var/log/messages=0A> either.=A0 As for ch=
ecking the=0A> > PAM configuration for su, can you elaborate?=A0 I'm=0A> a =
beginner at this, so=0A> > you may have to provide details.=0A> =0A> I don'=
t know what version of Linux you're using, but as a=0A> general rule of=0A>=
thumb, look in /etc/pam.d/su and make sure that it's=0A> including your sh=
ared=0A> PAM configuration that you're thinking you're using and you=0A> do=
n't have=0A> some other reference to pam_afs_session in there that=0A> does=
n't have the=0A> debug line.=0A> =0A> Failing that, well, all the evidence =
so far indicates that=0A> pam_afs_session=0A> isn't being run at all for su=
, and hence can't be the=0A> source of your=0A> problems.=0A> =0A> -- =0A> =
Russ Allbery (rra@stanford.edu)=A0=0A> =A0 =A0 =A0 =A0 =A0=A0=A0<http://www=
.eyrie.org/~eagle/>=0A> =0A=0A=0A