Bug 459057

Summary: Use of pam_access in WBEM causes DNS-related slowdowns
Product: Red Hat Enterprise Linux 5 Reporter: Tim Potter <tpot>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: BaseOS QE <qe-baseos-auto>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.2CC: adaora.onyia, cward, mmalik, mvadkert, ohudlick, rick.hester, sgrubb, tao, vcrhonek
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-02 11:24:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tim Potter 2008-08-14 05:08:52 UTC 
Description of problem:

RH has added the pam_access module (configured via the /etc/Pegasus/access.conf file) to the PAM stack for OpenPegasus.  Unfortunately due to the design of the  pam_access module it thinks the wbemLocal and wbemNetwork keywords are hostnames and tries to do DNS lookups on them.  This causes delays before the WBEM credentials are authorized while these unecessary DNS lookups fail or time out.

A workaround is to comment out the pam_access line in the /etc/pam.d/wbem file.  When this is done making WBEM requests is much snappier.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tomas Mraz 2008-11-11 14:56:31 UTC 
pam_access should be fixed to not resolve the origin if the matching line doesn't contain ip or ip/netmask.
Comment 6 Chris Ward 2009-07-03 18:06:19 UTC 
~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.
Comment 7 Tim Potter 2009-07-08 02:33:14 UTC 
Verified as fixed in RHEL5.4 beta1.
Comment 9 errata-xmlrpc 2009-09-02 11:24:16 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1358.html