[OpenAFS] significant delay for afs user to login as root via su
Thu, 18 Mar 2010 10:38:18 -0400
>You are correct in your assumptions. Regarding XAUTHORITY (with pam_xauth
>logging in at the machine, this is what I find:
>[ematlis@aerogold ~]$ echo $XAUTHORITY
Okay, that explains it. When you log in locally (I assume) the
graphical login manager sets up a local .Xauthority file and points the
environment variable to it. Since AFS isn't involved in this case,
there are no timeouts from the Xauthority routines in pam_xauth.so.
And if XAUTHORITY _isn't_ set, then it defaults to $HOME/.Xauthority.
So ... what's the solution? Well, if you just want to get rid of the
delay, obviously commenting out pam_xauth is easiest. But I guess you
want to log in remotely, su, _and_ run X applications. I personally
find this strange, but, hey, whatever. If you want to do that without
having to manually paste in Xauthority information into the correct
file, I guess I see three options.
- Get PAGs working (I think this would solve your issue).
- Assuming you're using ssh (I am guessing that you are), convince sshd
to write your Xauthority information somewhere else, like a file
in /tmp (and make sure your XAUTHORITY environment variable is correct).
I would guess this is possible, but I don't know if there's an easy
way to do it.
- Switch to using xhost authentication and simply point your DISPLAY
variable to the "real" X server (which I fully admit would suck from
a security standpoint.