[OpenAFS] significant delay for afs user to login as root via su

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 18 Mar 2010 10:38:18 -0400


>You are correct in your assumptions.  Regarding XAUTHORITY (with pam_xauth
>in su):
>
>logging in at the machine, this is what I find:
>
>before su:
>
>[ematlis@aerogold ~]$ echo $XAUTHORITY
>/var/run/gdm/auth-for-ematlis-s3Q2Bx/database

Ah-HA!

Okay, that explains it.  When you log in locally (I assume) the
graphical login manager sets up a local .Xauthority file and points the
environment variable to it.  Since AFS isn't involved in this case,
there are no timeouts from the Xauthority routines in pam_xauth.so.
And if XAUTHORITY _isn't_ set, then it defaults to $HOME/.Xauthority.

So ... what's the solution?  Well, if you just want to get rid of the
delay, obviously commenting out pam_xauth is easiest.  But I guess you
want to log in remotely, su, _and_ run X applications.  I personally
find this strange, but, hey, whatever.  If you want to do that without
having to manually paste in Xauthority information into the correct
file, I guess I see three options.

- Get PAGs working (I think this would solve your issue).
- Assuming you're using ssh (I am guessing that you are), convince sshd
  to write your Xauthority information somewhere else, like a file
  in /tmp (and make sure your XAUTHORITY environment variable is correct).
  I would guess this is possible, but I don't know if there's an easy
  way to do it.
- Switch to using xhost authentication and simply point your DISPLAY
  variable to the "real" X server (which I fully admit would suck from
  a security standpoint).

--Ken
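
A sketch of the second option above, as an added example that is not part of the original message: an sshrc script (`/etc/ssh/sshrc` or `~/.ssh/rc`, see sshd(8)) that stores the forwarded X11 cookie in a private directory under /tmp instead of `$HOME/.Xauthority`. The path `/tmp/xauth-<uid>/Xauthority` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the directory layout and function names are assumptions.

# Print a private per-user directory under $1 (default /tmp), creating it
# with mode 0700. Fail if the path is a symlink or is owned by someone
# else, since any user can pre-create names in a world-writable directory.
xauth_dir() {
    dir="${1:-/tmp}/xauth-$(id -u)"
    mkdir -m 700 "$dir" 2>/dev/null || true
    if [ -L "$dir" ] || [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
        return 1
    fi
    chmod 700 "$dir" && printf '%s\n' "$dir"
}

# Build the "add" line for xauth from DISPLAY, protocol and cookie,
# following the sshrc example in sshd(8).
xauth_add_line() {
    case "$1" in
        localhost:*) printf 'add unix:%s %s %s\n' "${1#localhost:}" "$2" "$3" ;;
        *)           printf 'add %s %s %s\n' "$1" "$2" "$3" ;;
    esac
}

# sshd passes "proto cookie" on stdin when X11 forwarding is active.
if [ -n "${DISPLAY:-}" ] && read -r proto cookie; then
    if dir=$(xauth_dir /tmp); then
        umask 077
        xauth_add_line "$DISPLAY" "$proto" "$cookie" |
            xauth -q -f "$dir/Xauthority" -
    fi
fi
```

sshrc runs as a separate process and cannot change the session's environment, so the login shell still has to export XAUTHORITY with the same path (for example from the shell profile).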