Bug 459057 - Use of pam_access in WBEM causes DNS-related slowdowns
Use of pam_access in WBEM causes DNS-related slowdowns
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Tomas Mraz
Depends On:
  Show dependency treegraph
Reported: 2008-08-14 01:08 EDT by Tim Potter
Modified: 2013-11-22 05:24 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-02 07:24:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tim Potter 2008-08-14 01:08:52 EDT
Description of problem:

RH has added the pam_access module (configured via the /etc/Pegasus/access.conf file) to the PAM stack for OpenPegasus.  Unfortunately due to the design of the  pam_access module it thinks the wbemLocal and wbemNetwork keywords are hostnames and tries to do DNS lookups on them.  This causes delays before the WBEM credentials are authorized while these unecessary DNS lookups fail or time out.

A workaround is to comment out the pam_access line in the /etc/pam.d/wbem file.  When this is done making WBEM requests is much snappier.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Tomas Mraz 2008-11-11 09:56:31 EST
pam_access should be fixed to not resolve the origin if the matching line doesn't contain ip or ip/netmask.
Comment 6 Chris Ward 2009-07-03 14:06:19 EDT
~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.
Comment 7 Tim Potter 2009-07-07 22:33:14 EDT
Verified as fixed in RHEL5.4 beta1.
Comment 9 errata-xmlrpc 2009-09-02 07:24:16 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.