View previous topic :: View next topic |
Author |
Message |
Mr. Tao Tux's lil' helper
Joined: 20 Jul 2007 Posts: 147
|
Posted: Fri Aug 01, 2008 10:21 am Post subject: [pam_krb5 / afs] Long delay on su |
|
|
When I do su it takes 15-20 seconds to proceed. Login as root from login shell doesn't suffer from this problem.
My home dir is on AFS and I'm authenticating users against kerberos. It's not crucial but it's annoying - any ideas ? /etc/pam.d/system-auth: | auth required pam_env.so
auth sufficient pam_krb5.so
auth optional pam_afs_session.so program=/usr/bin/aklog
auth sufficient pam_ssh.so
auth required pam_unix.so try_first_pass likeauth nullok
account sufficient pam_krb5.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password sufficient pam_krb5.so use_authtok ignore_root
password required pam_unix.so try_first_pass use_authtok nullok md5 shadow
session required pam_limits.so
session optional pam_krb5.so ignore_root debug
session required pam_afs_session.so program=/usr/bin/aklog
session required pam_env.so
session optional pam_mktemp.so
session optional pam_ssh.so
session required pam_unix.so
session optional pam_permit.so |
|
|
Back to top |
|
|
depontius Advocate
Joined: 05 May 2004 Posts: 3509
|
Posted: Fri Aug 01, 2008 1:40 pm Post subject: |
|
|
You might also want to post /etc/pam.d/su for this topic. (I have no useful suggestions at this time, but the pam post for su might help spark some ideas.) _________________ .sigs waste space and bandwidth |
|
Back to top |
|
|
Mr. Tao Tux's lil' helper
Joined: 20 Jul 2007 Posts: 147
|
Posted: Sat Aug 02, 2008 5:04 pm Post subject: |
|
|
Thanks for idea. So far I haven't made any modification to any other pam files except for system-auth, so mine su file looks like this: /etc/pam.d/su: | #%PAM-1.0
auth sufficient pam_rootok.so
# If you want to restrict users begin allowed to su even more,
# create /etc/security/suauth.allow (or to that matter) that is only
# writable by root, and add users that are allowed to su to that
# file, one per line.
#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
# Uncomment this to allow users in the wheel group to su without
# entering a passwd.
#auth sufficient pam_wheel.so use_uid trust
# Alternatively to above, you can implement a list of users that do
# not need to supply a passwd with a list.
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
# Comment this to allow any user, even those not in the 'wheel'
# group to su
auth required pam_wheel.so use_uid
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session required pam_env.so
session optional pam_xauth.so |
|
|
Back to top |
|
|
|