Bug 128246 - login times out before nss_ldap has finished, disabling console login
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: util-linux
Version: 2
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Elliot Lee
Reported: 2004-07-20 15:03 EDT by Greg Swallow
Modified: 2007-11-30 17:10 EST
Last Closed: 2004-08-31 19:09:08 EDT
Description Greg Swallow 2004-07-20 15:03:20 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031205

Description of problem:
/bin/login is set to time out after 60 seconds of waiting.  However,
nss_ldap, when the following lines are set in /etc/nsswitch.conf:

passwd: files ldap
shadow: files ldap
group: files ldap

takes 140 seconds to return information about the root account if the
LDAP server is unavailable.  Therefore, login times out before
nss_ldap can supply an answer, disabling root logins via the console
if the LDAP server is down.

For a server install, this is unacceptable. 

Also, the SRPM for util-linux is jacked in several horrible ways (spec
file provides a bogus path to gtk-config, make doesn't create login
binaries, etc.), otherwise I'd have submitted util-linux-2.12-19.srpm.


Version-Release number of selected component (if applicable):
util-linux-2.12-18

How reproducible:
Always

Steps to Reproduce:
1. Unplug network cable and boot system.
2. Try logging in.
3. Wait for quick flash of "Login timed out after 60 seconds" message.
   

Actual Results:  Reboot into single-user mode, set passwd, shadow and
groups lines to just "files" and it works fine.


Expected Results:  root user can log into the console even when the
system is offline.
util-linux SRPM would at least build.


Additional info:

Comment 1 David Dorgan 2004-08-11 04:38:51 EDT
In short, dropping the bind timeout in /etc/ldap.conf will work around
this issue.

Basically, if you strace a login, you'll see it try to connect to each
LDAP server a number of times, depending on the number of servers you
have. Drop this to a limit under 60 seconds.

Comment 2 Elliot Lee 2004-08-31 19:09:08 EDT
Yea, I think you need to drop the timeout - there's really no way
login can know about timeouts inside an nss module.

Comment 3 David Dorgan 2004-09-23 06:57:26 EDT
There is a better fix you should try at least. Find the source RPM,
patch it to simply remove the line:

rc = ldap_initialize (&__session.ls_conn, cfg->ldc_uri);

from ldap-nss.c, line 1106. This should fix the problem.
More information about this function can be found at:

http://www.zmailer.org/mhalist/2003/msg00517.html

David
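
The timing mismatch in the report (a 60-second login timeout against a lookup that took 140 seconds) can be checked before it locks out the console. The script below is an added example, not part of this bug thread or of util-linux or nss_ldap; it times passwd and group lookups for root in child processes and treats the 60 seconds as one budget shared by both lookups, which is an assumption about how login spends its timeout.

```python
#!/usr/bin/env python3
"""Check that NSS lookups for root finish inside login's timeout."""
import subprocess
import sys
import time

LOGIN_TIMEOUT = 60.0  # seconds; the /bin/login limit quoted in the report

# Each lookup runs in a child process so that a resolver stuck inside an
# NSS module can be killed at the deadline instead of hanging this script.
LOOKUPS = {
    "passwd": "import pwd; pwd.getpwnam('root')",
    "group": "import grp; grp.getgrgid(0)",
}


def time_command(cmd, budget=LOGIN_TIMEOUT):
    """Run cmd; return (elapsed_seconds, finished_before_budget)."""
    start = time.monotonic()
    try:
        subprocess.run(cmd, stdout=subprocess.DEVNULL,
                       stderr=subprocess.DEVNULL, timeout=budget)
        finished = True
    except subprocess.TimeoutExpired:
        finished = False
    return time.monotonic() - start, finished


def check_root_lookups(budget=LOGIN_TIMEOUT, lookups=LOOKUPS):
    """Time every lookup; return {database: (elapsed, finished)}."""
    return {db: time_command([sys.executable, "-c", code], budget)
            for db, code in lookups.items()}


def console_login_at_risk(results, budget=LOGIN_TIMEOUT):
    """True if a lookup was cut off, or if the lookups together used up
    the budget (assumption: login's timer covers all of them)."""
    total = sum(elapsed for elapsed, _ in results.values())
    return total >= budget or any(not ok for _, ok in results.values())


if __name__ == "__main__":
    results = check_root_lookups()
    for db, (elapsed, ok) in results.items():
        print(f"{db:7s} {elapsed:6.1f}s {'ok' if ok else 'EXCEEDS login timeout'}")
    sys.exit(1 if console_login_at_risk(results) else 0)
```

Run it with the LDAP server unreachable, for example during a maintenance window; a non-zero exit status means the timeouts in /etc/ldap.conf still exceed what login allows.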
