459057 – Use of pam_access in WBEM causes DNS-related slowdowns

Bug 459057 - Use of pam_access in WBEM causes DNS-related slowdowns

Summary: Use of pam_access in WBEM causes DNS-related slowdowns

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	pam
Sub Component:
Version:	5.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Tomas Mraz
QA Contact:	BaseOS QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-08-14 05:08 UTC by Tim Potter
Modified:	2018-10-19 19:21 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-09-02 11:24:16 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2009:1358	0	normal	SHIPPED_LIVE	pam bug fix and enhancement update	2009-09-01 10:53:02 UTC

Description Tim Potter 2008-08-14 05:08:52 UTC

Description of problem:

RH has added the pam_access module (configured via the /etc/Pegasus/access.conf file) to the PAM stack for OpenPegasus.  Unfortunately due to the design of the  pam_access module it thinks the wbemLocal and wbemNetwork keywords are hostnames and tries to do DNS lookups on them.  This causes delays before the WBEM credentials are authorized while these unecessary DNS lookups fail or time out.

A workaround is to comment out the pam_access line in the /etc/pam.d/wbem file.  When this is done making WBEM requests is much snappier.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tomas Mraz 2008-11-11 14:56:31 UTC

pam_access should be fixed to not resolve the origin if the matching line doesn't contain ip or ip/netmask.

Comment 6 Chris Ward 2009-07-03 18:06:19 UTC

~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.

Comment 7 Tim Potter 2009-07-08 02:33:14 UTC

Verified as fixed in RHEL5.4 beta1.

Comment 9 errata-xmlrpc 2009-09-02 11:24:16 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1358.html

Note You need to log in before you can comment on or make changes to this bug.