Gentoo Archives: gentoo-security

From: Volkov Peter Alexandrovich <PVolkov@××××××××.su>
To: gentoo-security@l.g.o
Subject: [gentoo-security] PAM takes a long time.
Date: Thu, 08 Apr 2004 13:35:28
In Reply to: [gentoo-security] System knockout :-( by Tobias Weisserth
1 Hi.
3 I have Samba server. I'd like to use it as WINS server and, as this computer is only samba server, so it's a good idea to make it local master browser. It's Ok with configuration of PAM, but some time after server was up users became to blame me for bad network browsing. I blame PAM.
5 The first sing was during ssh login. It takes long time to connect on a absolutly free server! Then during system startup after starting last service everything hangs on >20 seconds and only after this I can see login invitation.
7 Yesterday I rebuilded system from stage 3, and for 1 day everything worked very fast (as it must to work) but now again this delay doesn't allow users to browse in a normal way (As this computer is local master browser (NBT)).
9 A little experiment to understand that it is really PAM. I've started sshd -d to see what is going on. So:
10 file-server root # sshd -d
11 debug1: sshd version OpenSSH_3.7.1p2
12 debug1: read PEM private key done: type RSA
13 debug1: private host key: #0 type 1 RSA
14 debug1: read PEM private key done: type DSA
15 debug1: private host key: #1 type 2 DSA
16 socket: Address family not supported by protocol
17 debug1: Bind to port 22 on
18 Server listening on port 22.
19 debug1: Server will not fork when running in debugging mode.
21 At this point server is waiting for connections... then I'm trying to connect :
23 Connection from port 32781
24 debug1: Client protocol version 2.0; client software version OpenSSH_3.7.1p2
25 debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
26 debug1: Enabling compatibility mode for protocol 2.0
27 debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
28 debug1: permanently_set_uid: 22/22
29 debug1: list_hostkey_types: ssh-rsa,ssh-dss
30 debug1: SSH2_MSG_KEXINIT sent
31 debug1: SSH2_MSG_KEXINIT received
32 debug1: kex: client->server aes128-cbc hmac-md5 none
33 debug1: kex: server->client aes128-cbc hmac-md5 none
34 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
35 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
36 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
37 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
38 debug1: SSH2_MSG_NEWKEYS sent
39 debug1: expecting SSH2_MSG_NEWKEYS
40 debug1: SSH2_MSG_NEWKEYS received
41 debug1: KEX done
42 debug1: userauth-request for user root service ssh-connection method none
43 debug1: attempt 0 failures 0
44 debug1: PAM: initializing for "root"
46 At this point process stops on >20 seconds and then with the next strings of text the password promt was show to me...
48 As Samba uses PAM for authentification for now I am sure that it is PAM that slows down the whole windows networking.
50 I have 4 boxes with identical configuration (although the hardware differs a bit) but this happens only on one of them.
52 How to speedup PAM? How can I find out more details about problem?
54 Searching google gives me nothing.
55 Searching forum gives me nothing...
58 And sorry for my English. It's not my native language.
59 ______________________________________
61 Volkov Peter, <pvolkov@××××××××.su>
62 Moscow State University, Phys. Dep.
63 ______________________________________
65 Linux 2.4.25 i686
66 Mobile Intel(R) Celeron(R) CPU 1.60GHz
68 --
69 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] PAM takes a long time. Paul de Vrieze <pauldv@g.o>
Re: [gentoo-security] PAM takes a long time. Tarragon Allen <lists@××××××××.com>
Re: [gentoo-security] PAM takes a long time [solved]. Volkov Peter Alexandrovich <PVolkov@××××××××.su>