[OpenAFS] Re: significant delay for afs user to login as root via su

Andrew Deason adeason@sinenomine.net
Thu, 18 Mar 2010 10:55:39 -0500

On Thu, 18 Mar 2010 10:38:18 -0400
Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:

> - Assuming you're using ssh (I am guessing that you are), convince
>   sshd to write your Xauthority information somewhere else, like a
>   file in /tmp (and make sure your XAUTHORITY environment variable is
>   correct).  I would guess this is possible, but I don't know if
>   there's an easy way to do it.

I'm actually not sure if this is possible to do correctly (with existing
ssh, PAM, etc). pam_env.so and ssh's "set-the-environment" functionality
only take constant strings, from what I can tell. What I think you'd
want is a pam module that sets an environment variable to something
involving a bit of randomness (XAUTHORITY=`mktemp
/tmp/.Xauthority.XXXXXX`), or at the very least incorporates the users's
uid or username. But I don't think such a module exists.

Anyone want to write it? :) It would basically be a call to mkstemp()
and setting an environment var. This could also solve the problem Doug
Engert's pam_krb5_ccache.so module solves on Solaris, I think.

Andrew Deason