[OpenAFS] Re: significant delay for afs user to login as root via su
Thu, 18 Mar 2010 10:55:39 -0500
On Thu, 18 Mar 2010 10:38:18 -0400
Ken Hornstein <firstname.lastname@example.org> wrote:
> - Assuming you're using ssh (I am guessing that you are), convince
> sshd to write your Xauthority information somewhere else, like a
> file in /tmp (and make sure your XAUTHORITY environment variable is
> correct). I would guess this is possible, but I don't know if
> there's an easy way to do it.
I'm actually not sure if this is possible to do correctly (with existing
ssh, PAM, etc). pam_env.so and ssh's "set-the-environment" functionality
only take constant strings, from what I can tell. What I think you'd
want is a pam module that sets an environment variable to something
involving a bit of randomness (XAUTHORITY=`mktemp
/tmp/.Xauthority.XXXXXX`), or at the very least incorporates the users's
uid or username. But I don't think such a module exists.
Anyone want to write it? :) It would basically be a call to mkstemp()
and setting an environment var. This could also solve the problem Doug
Engert's pam_krb5_ccache.so module solves on Solaris, I think.