[OpenAFS] significant delay for afs user to login as root via su

ematlis@yahoo.com ematlis@yahoo.com
Thu, 18 Mar 2010 12:09:08 -0700 (PDT)

That doesn't seem to be working either.  Maybe there is something else goin=
g on?  Notice the "X11 connection rejected" error:=0A=0A[matlis@quadzilla ~=
]$ ssh -Y ematlis@aerogold=0Aematlis@aerogold's password: =0ALast login: Th=
u Mar 18 14:51:42 2010 from quadzilla.aero.nd.edu=0AX11 connection rejected=
 because of wrong authentication.=0AX11 connection rejected because of wron=
g authentication.=0Axhost:  unable to open display "localhost:10.0"=0A[emat=
lis@aerogold ~]$ echo $XAUTHORITY=0AXAUTHORITY: Undefined variable.=0A=0Ath=
anks,=0Aeric=0A=0A=0A--- On Thu, 3/18/10, Carson Gaspar <carson@taltos.org>=
 wrote:=0A=0A> From: Carson Gaspar <carson@taltos.org>=0A> Subject: Re: [Op=
enAFS] significant delay for afs user to login as root via su=0A> To: "Davi=
d S. Goldberg" <dsg@mitre.org>=0A> Cc: "Ken Hornstein" <kenh@cmf.nrl.navy.m=
il>, ematlis@yahoo.com, openafs-info@openafs.org=0A> Date: Thursday, March =
18, 2010, 2:03 PM=0A> David S. Goldberg wrote:=0A> >> - Assuming you're usi=
ng ssh (I am guessing that=0A> you are), convince sshd=0A> >>=A0=A0=A0to wr=
ite your Xauthority=0A> information somewhere else, like a file=0A> >>=A0=
=A0=A0in /tmp (and make sure your=0A> XAUTHORITY environment variable is co=
rrect).=0A> >>=A0=A0=A0I would guess this is possible,=0A> but I don't know=
 if there's an easy=0A> >>=A0=A0=A0way to do it.=0A> > =0A> > I do this wit=
h the following code in ~/.ssh/rc:=0A> > =0A> > if [ "$DISPLAY" =3D "" ]; t=
hen exit 0 ; fi=0A> > if [ ! -d /tmp/.${USER} ]; then # I actually don't=0A=
> reference $USER -=0A> >=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=0A> =A0 =A0 =A0 =
=A0 =A0 =A0=0A> =A0=A0=A0# just put your own ID there.=0A> >=A0 =A0=A0=A0/b=
in/sh -c "umask 77 ; mkdir=0A> /tmp/.${USER}" ;=A0=0A> =A0=A0=A0XAUTHORITY=
=3D/tmp/.${USER}/.Xauthority;=0A> =0A> Please don't use that code if you wa=
nt something robust.=0A> Use something like the below (tossed off in a few =
seconds,=0A> so take with a grain of salt):=0A> =0A> unset XAUTHORITY=0A> i=
f test ! -d "/tmp/.${USER}"; then=0A> =A0=A0=A0 (umask 77; echo mkdir "/tmp=
/.${USER}")=0A> && \=0A> =A0=A0=A0 XAUTHORITY=3D"/tmp/.${USER}/.Xauthority"=
=0A> else=0A> =A0=A0=A0 touch "/tmp/.${USER}/.Xauthority"=0A> && \=0A> =A0=
=A0=A0 XAUTHORITY=3D"/tmp/.${USER}/.Xauthority"=0A> fi=0A> if test -z "${XA=
UTHORITY}"; then=0A> =A0=A0=A0 # Something is wrong=0A> =A0=A0=A0 test -t 2=
 && echo "Could not set=0A> XAUTHORITY" 1>&2=0A> fi=0A> =0A> -- Carson=0A> =
_______________________________________________=0A> OpenAFS-info mailing li=
st=0A> OpenAFS-info@openafs.org=0A> https://lists.openafs.org/mailman/listi=
nfo/openafs-info=0A> =0A=0A=0A