[OpenAFS] significant delay for afs user to login as root via su

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 18 Mar 2010 09:48:54 -0400

>Ok, one other data point- I should have mentioned in the very beginning that
>I'm actually logging into the machine in question remotely, then issuing
>the su command.  This seems to make a difference.  While I THOUGHT the
>problem occurred either way, now I'm finding that if I actually sit down
>at the machine, log in via AFS, then enter su, there is no delay (and no
>xauth warning either) regardless of pam_xauth being in /etc/pam.d/su or not.
>It's only when I ssh to the machine remotely, then try su that I see a
>delay if the pam_xauth line is in /etc/pam.d/su.

Okay, that's a bit more data.

We ran into this problem as well.  The root cause of the delay is that
the pam_xauth module is trying to copy you .Xauthority file into root's
.Xauthority file ... and to do that it needs to create some files in your
home directory as part of the .Xauthority locking, and it can't do that
(because as root it can't read/write your home directory) and it's
timing out as part of that.

Try something else.  After you su, run "tokens".  Do you get anything

Given that it works fine when you log into the console, what I _think_
is happening is that you're not getting a PAG when you log in remotely,
so your UID-based AFS token is not going with you when you su to root.