[OpenAFS] Re: significant delay for afs user to login as root via su

Booker Bense bbense@slac.stanford.edu
Thu, 18 Mar 2010 09:21:13 -0700 (PDT)

On Thu, 18 Mar 2010, Andrew Deason wrote:

> I'm actually not sure if this is possible to do correctly (with existing
> ssh, PAM, etc). pam_env.so and ssh's "set-the-environment" functionality
> only take constant strings, from what I can tell. What I think you'd
> want is a pam module that sets an environment variable to something
> involving a bit of randomness (XAUTHORITY=`mktemp
> /tmp/.Xauthority.XXXXXX`), or at the very least incorporates the users's
> uid or username. But I don't think such a module exists.

You can do this with the current pam_env on linux based machines 
( and solaris and OSX with some hacking... ).

XAUTHORITY      DEFAULT=/tmp/${\$}.Xauthority   OVERRIDE=/var/tmp/@{PAM_USER}.Xauthority

Basically, you can use anything in the current ENV to set new 
ENV variables.

_ Booker C. Bense