[OpenAFS] significant delay for afs user to login as root via su

ematlis@yahoo.com ematlis@yahoo.com
Thu, 18 Mar 2010 11:27:39 -0700 (PDT)


I created a file ~/.ssh/rc as per your suggestion in the machine that I am logging into ("aerogold" in this case).  Logging in gives me this:

[matlis@quadzilla ~]$ ssh -Y ematlis@aerogold
ematlis@aerogold's password: 
Last login: Thu Mar 18 14:24:37 2010 from quadzilla.aero.nd.edu
X11 connection rejected because of wrong authentication.
xauth:  creating new authority file /tmp/.ematlis/.Xauthority
xauth:  creating new authority file /tmp/.ematlis/.Xauthority
X11 connection rejected because of wrong authentication.
xhost:  unable to open display "localhost:10.0"
[ematlis@aerogold ~]$ echo $XAUTHORITY
XAUTHORITY: Undefined variable.

Doesn't seem like it worked...

thanks,
eric


--- On Thu, 3/18/10, David S. Goldberg <dsg@mitre.org> wrote:

> From: David S. Goldberg <dsg@mitre.org>
> Subject: Re: [OpenAFS] significant delay for afs user to login as root via su
> To: "Ken Hornstein" <kenh@cmf.nrl.navy.mil>
> Cc: ematlis@yahoo.com, openafs-info@openafs.org
> Date: Thursday, March 18, 2010, 12:01 PM
>
> > - Assuming you're using ssh (I am guessing that you are), convince sshd
> >   to write your Xauthority information somewhere else, like a file
> >   in /tmp (and make sure your XAUTHORITY environment variable is correct).
> >   I would guess this is possible, but I don't know if there's an easy
> >   way to do it.
>
> I do this with the following code in ~/.ssh/rc:
>
> if [ "$DISPLAY" = "" ]; then exit 0 ; fi
> if [ ! -d /tmp/.${USER} ]; then # I actually don't reference $USER - just put your own ID there.
>     /bin/sh -c "umask 77 ; mkdir /tmp/.${USER}" ;
>
>     XAUTHORITY=/tmp/.${USER}/.Xauthority;
>     export XAUTHORITY;
> fi;
> xauth remove $DISPLAY
> read xauthstuff
> xauth add $DISPLAY $xauthstuff
>
> The second if statement is also in my shell profile to ensure
> XAUTHORITY is properly set on subsequent shells, but with some
> additional checks to ensure I don't interfere with any XAUTHORITY
> setting generated when doing a console login.
>
> -- 
> Dave Goldberg
> Associate Department Head, G06A: Advanced Technical Computing Center
> The MITRE Corporation \ MS K331 \ 202 Burlington Rd. \ Bedford, MA 01730
> dsg@mitre.org \ 781-271-3887 (W) \ 781-439-7875 (M)
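Added example, not part of either message above: the same ~/.ssh/rc approach with the /tmp directory validated before the X11 cookie is written into it, because a fixed name under a world-writable directory can be pre-created by another local user. XAUTH_BASE, the function names and the `$0` check are assumptions of this sketch. sshd runs ~/.ssh/rc under /bin/sh as a separate process, so the XAUTHORITY exported here does not reach the login shell and must also be set in that shell's own startup file.

```shell
#!/bin/sh
# Added sketch of a ~/.ssh/rc; XAUTH_BASE and both function names are assumptions.
XAUTH_BASE=${XAUTH_BASE:-/tmp}

# Print a private per-user directory under XAUTH_BASE, or fail if the
# existing path cannot be trusted (symlink, foreign owner, loose mode).
private_xauth_dir() {
    dir="$XAUTH_BASE/.$(id -un)"
    # mkdir fails if the name exists in any form, so success means we
    # created the directory ourselves with mode 0700.
    if ! (umask 077 && mkdir "$dir") 2>/dev/null; then
        [ -L "$dir" ] && return 1                  # never follow a symlink
        [ -d "$dir" ] && [ -O "$dir" ] || return 1 # must be a dir we own
        case "$(ls -ld "$dir")" in
            'drwx------ '*|'drwx------.'*) ;;      # owner-only access
            *) return 1 ;;
        esac
    fi
    printf '%s\n' "$dir"
}

# sshd passes "proto cookie" on stdin and DISPLAY in the environment.
# rc must not write to stdout, so diagnostics go to stderr.
store_cookie() {
    [ -n "$DISPLAY" ] || return 0
    dir=$(private_xauth_dir) || {
        echo "rc: refusing untrusted directory under $XAUTH_BASE" >&2
        return 1
    }
    # Set on every login, not only when the directory is first created.
    XAUTHORITY="$dir/.Xauthority"; export XAUTHORITY
    read -r proto cookie || return 1
    xauth -q remove "$DISPLAY" 2>/dev/null
    xauth -q add "$DISPLAY" "$proto" "$cookie"
}

# Assumption: only act when this file is being run as ~/.ssh/rc.
case "$0" in
    */rc) store_cookie ;;
esac
```
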