Gentoo Archives: gentoo-security

From: Volkov Peter Alexandrovich <PVolkov@××××××××.su>
To: gentoo-security@l.g.o
Subject: [gentoo-security] PAM takes a long time.
Date: Thu, 08 Apr 2004 13:35:28
Message-Id: 20040408174214.681c2485.PVolkov@mics.msu.su
In Reply to: [gentoo-security] System knockout :-( by Tobias Weisserth
1 Hi.
2
3 I have Samba server. I'd like to use it as WINS server and, as this computer is only samba server, so it's a good idea to make it local master browser. It's Ok with configuration of PAM, but some time after server was up users became to blame me for bad network browsing. I blame PAM.
4
5 The first sing was during ssh login. It takes long time to connect on a absolutly free server! Then during system startup after starting last service everything hangs on >20 seconds and only after this I can see login invitation.
6
7 Yesterday I rebuilded system from stage 3, and for 1 day everything worked very fast (as it must to work) but now again this delay doesn't allow users to browse in a normal way (As this computer is local master browser (NBT)).
8
9 A little experiment to understand that it is really PAM. I've started sshd -d to see what is going on. So:
10 file-server root # sshd -d
11 debug1: sshd version OpenSSH_3.7.1p2
12 debug1: read PEM private key done: type RSA
13 debug1: private host key: #0 type 1 RSA
14 debug1: read PEM private key done: type DSA
15 debug1: private host key: #1 type 2 DSA
16 socket: Address family not supported by protocol
17 debug1: Bind to port 22 on 0.0.0.0.
18 Server listening on 0.0.0.0 port 22.
19 debug1: Server will not fork when running in debugging mode.
20
21 At this point server is waiting for connections... then I'm trying to connect :
22
23 Connection from 172.16.0.1 port 32781
24 debug1: Client protocol version 2.0; client software version OpenSSH_3.7.1p2
25 debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
26 debug1: Enabling compatibility mode for protocol 2.0
27 debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
28 debug1: permanently_set_uid: 22/22
29 debug1: list_hostkey_types: ssh-rsa,ssh-dss
30 debug1: SSH2_MSG_KEXINIT sent
31 debug1: SSH2_MSG_KEXINIT received
32 debug1: kex: client->server aes128-cbc hmac-md5 none
33 debug1: kex: server->client aes128-cbc hmac-md5 none
34 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
35 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
36 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
37 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
38 debug1: SSH2_MSG_NEWKEYS sent
39 debug1: expecting SSH2_MSG_NEWKEYS
40 debug1: SSH2_MSG_NEWKEYS received
41 debug1: KEX done
42 debug1: userauth-request for user root service ssh-connection method none
43 debug1: attempt 0 failures 0
44 debug1: PAM: initializing for "root"
45
46 At this point process stops on >20 seconds and then with the next strings of text the password promt was show to me...
47
48 As Samba uses PAM for authentification for now I am sure that it is PAM that slows down the whole windows networking.
49
50 I have 4 boxes with identical configuration (although the hardware differs a bit) but this happens only on one of them.
51
52 How to speedup PAM? How can I find out more details about problem?
53
54 Searching google gives me nothing.
55 Searching forum gives me nothing...
56
57
58 And sorry for my English. It's not my native language.
59 ______________________________________
60
61 Volkov Peter, <pvolkov@××××××××.su>
62 Moscow State University, Phys. Dep.
63 ______________________________________
64
65 Linux 2.4.25 i686
66 Mobile Intel(R) Celeron(R) CPU 1.60GHz
67
68 --
69 gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] PAM takes a long time. Paul de Vrieze <pauldv@g.o>
Re: [gentoo-security] PAM takes a long time. Tarragon Allen <lists@××××××××.com>
Re: [gentoo-security] PAM takes a long time [solved]. Volkov Peter Alexandrovich <PVolkov@××××××××.su>