Hide Forgot
Description of problem: Authentication in proxy mode fails under heavy load (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [be_pam_handler] (4): Got request with the following data (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): command: PAM_AUTHENTICATE (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): domain: indis (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): user: APPUSER (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): service: vsftpd_nas (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): tty: ftp (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): ruser: APPUSER (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): rhost: nastf2.testfactory.copergmps (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): authtok type: 1 (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): authtok size: 7 (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): newauthtok type: 0 (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): newauthtok size: 0 (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): priv: 0 (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [pam_print_data] (4): cli_pid: 27026 (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [proxy_child_send] (8): Queueing request [19] (Thu Aug 18 11:09:25 2016) [sssd[be[indis]]] [proxy_child_send] (8): All available child slots are full, queuing request The request is turn the hardcoded number of preforked childs into a config option. $ grep -B1 max_children src/providers/proxy/proxy_init.c /* Set up request hash table */ /* FIXME: get max_children from configuration file */ auth_ctx->max_children = 10; Version-Release number of selected component (if applicable): verified on RHEL-5.11, but some code also exists in master. How reproducible: for I in $(seq 1 350); do lftp -e 'ls; quit' ftp://FTP-SERVER -u LDAP-USER,LDAP-USER-KRB5-PASS 1>/dev/null & done while pidof lftp >/dev/null; do echo -n '.' sleep 1 done echo Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Upstream ticket: https://fedorahosted.org/sssd/ticket/3153
master: * aef0171e0bdc9a683958d69c7ee984fb10cd5de7
Verified bug on SSSD Version: sssd-1.15.2-37.el7.x86_64 This bug was automated after verifying BZ1369079. We successfully executed the code on RHEL7.4 without any errors. The automated code is included within task /sssd/rhel69/client/proxy_provider/misc/apeetham and titled as " sssd-runs-out-of-available-child-slots-and-starts-queuing-requests-in-proxy-mode-bz1369079" This code will be merged into RHEL7.4 master branch shortly. See the results in task /sssd/rhel69/client/proxy_provider/misc/apeetham in beaker job: https://beaker.engineering.redhat.com/jobs/1880650
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294