2142639 – pam mutex lock causing high etimes, affecting red hat internal sso

Bug 2142639 - pam mutex lock causing high etimes, affecting red hat internal sso

Summary: pam mutex lock causing high etimes, affecting red hat internal sso

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	12.2
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	DS12.2
Target Release:	dirsrv-12.2
Assignee:	thierry bordaz
QA Contact:	LDAP QA Team
Docs Contact:	Mugdha Soni
URL:
Whiteboard:	sync-to-jira
Depends On:	2075858
Blocks:	2142636 2142638 2177232 2177233 2177234
TreeView+	depends on / blocked

Reported:	2022-11-14 17:25 UTC by thierry bordaz
Modified:	2023-08-03 12:20 UTC (History)
CC List:	11 users (show)
Fixed In Version:	redhat-ds-12-9020020221130212339.1674d57
Doc Type:	Enhancement
Doc Text:	.New `pamModuleIsThreadSafe` configuration option is now available When a PAM module is thread-safe, you can improve the PAM authentication throughput and response time of that specific module, by setting the new `pamModuleIsThreadSafe` configuration option to `yes`: ---- pamModuleIsThreadSafe: yes ---- This configuration applies on the PAM module configuration entry (child of `cn=PAM Pass Through Auth,cn=plugins,cn=config`). Use `pamModuleIsThreadSafe` option in the `dse.ldif` configuration file or the `ldapmodify` command. Note that the `ldapmodify` command requires you to restart the server.
Clone Of:	2075858
Environment:
Last Closed:	2023-05-30 09:40:35 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	389ds 389-ds-base issues 5271	None	closed	Serialization of pam_passthrough causing high etimes	2022-11-15 09:29:01 UTC
Red Hat Issue Tracker	IDMDS-2629	None	None	None	2022-11-14 17:29:07 UTC
Red Hat Issue Tracker	IDMDS-2778	None	None	None	2023-02-09 11:20:17 UTC
Red Hat Product Errata	RHBA-2023:3344	None	None	None	2023-05-30 09:41:09 UTC

Comment 3 thierry bordaz 2022-11-15 09:29:02 UTC

The fix is available upstream -> POST

Comment 6 mreynolds 2023-02-16 15:53:21 UTC

Developer Sanity Test

Internal repo for RHDS 12.2 shows code is present:

$ git checkout Directory_Server_12_2_0 
Switched to branch 'Directory_Server_12_2_0'
$ grep -r pamModuleIsThreadSafe *
ldap/servers/plugins/pam_passthru/pam_passthru.h:#define PAMPT_THREAD_SAFE_ATTR "pamModuleIsThreadSafe" /* single */

Comment 8 bsmejkal 2023-02-23 15:37:58 UTC

As per comment #c6 marking as VERIFIED.

Comment 11 Evgenia Martynyuk 2023-03-09 13:26:05 UTC

Hi Thierry!

I agree with you. For now we  will create a RN text for DS 12.2. 

Thanks, 
Evgenia

Comment 17 errata-xmlrpc 2023-05-30 09:40:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (redhat-ds:12 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:3344

Note You need to log in before you can comment on or make changes to this bug.