Bug 2142639 - pam mutex lock causing high etimes, affecting red hat internal sso
Summary: pam mutex lock causing high etimes, affecting red hat internal sso
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: 389-ds-base
Version: 12.2
Hardware: x86_64
OS: Linux
high
high
Target Milestone: DS12.2
: dirsrv-12.2
Assignee: thierry bordaz
QA Contact: LDAP QA Team
Mugdha Soni
URL:
Whiteboard: sync-to-jira
Depends On: 2075858
Blocks: 2142636 2142638 2177232 2177233 2177234
TreeView+ depends on / blocked
 
Reported: 2022-11-14 17:25 UTC by thierry bordaz
Modified: 2023-08-03 12:20 UTC (History)
11 users (show)

Fixed In Version: redhat-ds-12-9020020221130212339.1674d57
Doc Type: Enhancement
Doc Text:
.New `pamModuleIsThreadSafe` configuration option is now available When a PAM module is thread-safe, you can improve the PAM authentication throughput and response time of that specific module, by setting the new `pamModuleIsThreadSafe` configuration option to `yes`: ---- pamModuleIsThreadSafe: yes ---- This configuration applies on the PAM module configuration entry (child of `cn=PAM Pass Through Auth,cn=plugins,cn=config`). Use `pamModuleIsThreadSafe` option in the `dse.ldif` configuration file or the `ldapmodify` command. Note that the `ldapmodify` command requires you to restart the server.
Clone Of: 2075858
Environment:
Last Closed: 2023-05-30 09:40:35 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 5271 0 None closed Serialization of pam_passthrough causing high etimes 2022-11-15 09:29:01 UTC
Red Hat Issue Tracker IDMDS-2629 0 None None None 2022-11-14 17:29:07 UTC
Red Hat Issue Tracker IDMDS-2778 0 None None None 2023-02-09 11:20:17 UTC
Red Hat Product Errata RHBA-2023:3344 0 None None None 2023-05-30 09:41:09 UTC

Comment 3 thierry bordaz 2022-11-15 09:29:02 UTC
The fix is available upstream -> POST

Comment 6 mreynolds 2023-02-16 15:53:21 UTC
Developer Sanity Test

Internal repo for RHDS 12.2 shows code is present:

$ git checkout Directory_Server_12_2_0 
Switched to branch 'Directory_Server_12_2_0'
$ grep -r pamModuleIsThreadSafe *
ldap/servers/plugins/pam_passthru/pam_passthru.h:#define PAMPT_THREAD_SAFE_ATTR "pamModuleIsThreadSafe" /* single */

Comment 8 bsmejkal 2023-02-23 15:37:58 UTC
As per comment #c6 marking as VERIFIED.

Comment 11 Evgenia Martynyuk 2023-03-09 13:26:05 UTC
Hi Thierry!

I agree with you. For now we  will create a RN text for DS 12.2. 

Thanks, 
Evgenia

Comment 17 errata-xmlrpc 2023-05-30 09:40:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (redhat-ds:12 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:3344


Note You need to log in before you can comment on or make changes to this bug.