Bug 128246 - login times out before nss_ldap has finished, disabling console login
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: util-linux
Version: 2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Elliot Lee
Reported: 2004-07-20 19:03 UTC by Greg Swallow
Modified: 2007-11-30 22:10 UTC (History)
Fixed In Version:
Doc Type: Bug Fix
Last Closed: 2004-08-31 23:09:08 UTC

Description Greg Swallow 2004-07-20 19:03:20 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031205

Description of problem:
/bin/login is set to time out after 60 seconds of waiting.  However,
nss_ldap, when the following lines are set in /etc/nsswitch.conf:

passwd: files ldap
shadow: files ldap
group: files ldap

takes 140 seconds to return information about the root account if the
LDAP server is unavailable.  Therefore, login times out before
nss_ldap can supply an answer, disabling root logins via the console
if the LDAP server is down.

For a server install, this is unacceptable. 

Also, the SRPM for util-linux is jacked in several horrible ways (spec
file provides a bogus path to gtk-config, make doesn't create login
binaries, etc.), otherwise I'd have submitted util-linux-2.12-19.srpm.


Version-Release number of selected component (if applicable):
util-linux-2.12-18

How reproducible:
Always

Steps to Reproduce:
1. Unplug network cable and boot system.
2. Try logging in.
3. Wait for quick flash of "Login timed out after 60 seconds" message.
   

Actual Results:  Reboot into single-user mode, set passwd, shadow and
groups lines to just "files" and it works fine.


Expected Results:  root user can log into the console even when the
system is offline.
util-linux SRPM would at least build.


Additional info:

Comment 1 David Dorgan 2004-08-11 08:38:51 UTC
In short, dropping the bind timeout in /etc/ldap.conf will work around
this issue.

Basically, if you strace a login, you'll see it try to connect to each
LDAP server a number of times, depending on the number of servers you
have. Drop this to a limit under 60 seconds.

Comment 2 Elliot Lee 2004-08-31 23:09:08 UTC
Yea, I think you need to drop the timeout - there's really no way
login can know about timeouts inside an nss module.

Comment 3 David Dorgan 2004-09-23 10:57:26 UTC
There is a better fix you should try at least. Find the source RPM,
patch it to simply remove the line:

rc = ldap_initialize (&__session.ls_conn, cfg->ldc_uri);

from ldap-nss.c, line 1106. This should fix the problem.
More information about this function can be found at:

http://www.zmailer.org/mhalist/2003/msg00517.html

David
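
An added check for the condition this bug reports (not code from the thread, util-linux or nss_ldap): it lists which nsswitch.conf databases consult ldap and times a root account and group lookup in a child process against login's 60-second limit. The function names, the half-limit WARN margin and the sample text are assumptions made for this example.

```python
import re
import subprocess
import sys
import time

LOGIN_TIMEOUT = 60  # seconds, the login limit quoted in the report
# Constructed sample: the three lines from the report plus one non-LDAP line.
SAMPLE_NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\nhosts: files dns\n"
# Child process: resolve the account, then its groups, as a login would.
CHILD = "import os, pwd, sys; p = pwd.getpwnam(sys.argv[1]); os.getgrouplist(p.pw_name, p.pw_gid)"

def ldap_databases(text):
    """Return the nsswitch.conf databases whose source list includes ldap."""
    found = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # strip trailing comments
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources)  # drop [NOTFOUND=return] actions
        if "ldap" in sources.split():
            found.append(db.strip())
    return found

def time_root_lookup(user="root", limit=LOGIN_TIMEOUT):
    """Return seconds taken by the lookups, or None if still blocked at limit."""
    start = time.monotonic()
    try:
        # Run in a child so a hung NSS module cannot hang this check itself.
        subprocess.run([sys.executable, "-c", CHILD, user], timeout=limit,
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return None
    return time.monotonic() - start

def verdict(elapsed, limit=LOGIN_TIMEOUT):
    """FAIL at or past the limit; WARN past half of it (assumed margin)."""
    if elapsed is None or elapsed >= limit:
        return "FAIL"
    return "WARN" if elapsed >= limit / 2 else "OK"

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        print("databases using ldap:", ldap_databases(fh.read()))
    t = time_root_lookup()
    print("root lookup:", "blocked" if t is None else f"{t:.1f}s", verdict(t))
```

Running it with the LDAP server unreachable, as in the reproduction steps, shows whether a lowered timeout in /etc/ldap.conf actually brings the lookup under the limit.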

