Red Hat Bugzilla – Bug 6528
Lots of in.identd processes hanging around
Last modified: 2008-05-01 11:37:52 EDT
pidentd includes a /etc/rc.d/init.d/pidentd script, but there is no associated rpm script in postun to run /sbin/chkconfig. This makes pidentd run as in.identd, from /etc/inetd.conf (the relevent line is enabled by default) However, after a single ident query, this causes lots of in.identd processes to be created: ~# ps ax | grep -j ident 1705 ? S 0:00 [in.identd] 1706 ? S 0:00 [in.identd] 1707 ? S 0:00 [in.identd] 1708 ? S 0:00 [in.identd] 1709 ? S 0:00 [in.identd] 1710 ? S 0:00 [in.identd] 1711 ? S 0:00 [in.identd] 1712 ? S 0:00 [in.identd] 1713 ? S 0:00 [in.identd] 1714 ? S 0:00 [in.identd] 1715 ? S 0:00 [in.identd] 2029 pts/0 S 0:00 grep -i ident stracing the original process, 1705, shows that it is waiting in accept, and answers if i manually telnet to the ident port, then the strace exits with: ... rt_sigprocmask(SIG_SETMASK, NULL, [RT_0], 8) = 0 rt_sigsuspend([] <unfinished ...> --- SIGRT_0 (Real-time signal 0) --- Is this an strace bug? stracing the other processes cause strace to quite immediately. I've tried adding the -w option to the ident line in /etc/inetd.conf, even though the man page mentions that this should be autodetected, but this doesn't help.
in.identd is now multiply threaded so seeing more than one process is normal. The number of threads used can be changed in /etc/identd.conf where the default is #-- Maximum number of threads doing kernel lookups kernel:threads = 8 You can either use the new /etc/rc.d/init.d/pidentd script (disabled by default so there's no rpm %post script to run chkconfig) or the older inetd method to start the daemon (enabled by default), but you should not use both methods. Dunno what strace does with multiply threaded programs ... You might check /usr/doc/pidentd-3.0.3 fro more details about how to start the daemon.
I was only using it from inetd. The initscript commant was just an addition thing. The point of spawning it from inted is that the process doesn't need to be running all the time. All the processes were started up from inetd - ie in the default configuration. If the threading support does this, then surely it should be turned off by default?
Check your inetd.conf line -- it should look like auth stream tcp wait root /usr/sbin/in.identd in.identd -e -o (/etc/inetd.conf is marked %config(noreplace) -- that means that an upgrade of netkit-base does *not* change the file and cannot change the flags by which identd is started by inetd).
Yep, thats what it says. The docs advised that when using wait, -w could be used, but it should be autodetected. This didn't make a difference.
I've fixed it by either running identd in daemon mode, or appending the -w to the inetd.conf: auth stream tcp wait root /usr/sbin/in.identd in.identd -e -o -w It does not seem to detect daemon/inetd mode in the RH61 releas. BTW: if -w does not work for you, try killall identd;killall -1 inetd :)
Uh oh, me again speaking before closely examining. My problems with identd were of a different kind. Adding the -w option only lead to me SIGHUPping inetd, which seem to fix some race conditions with an already running identd outside of inetd. This lead to identd "HANGS" resembling starting identd in a daemon mode from inetd. ------- Additional Comments From 11/01/99 14:26 ------- I am on dial up and do not want to run identd as a daemon. I have always run it via inetd in the past but even with -w appended to the auth entry in /etc/inetd.conf and a -HUP of inetd it keeps spawning 11 procs. The first is running as user nobody, as it should I gather, but then it's spawning a child as root and that child is spawning the rest running as root. They do not close themselves after an interval. I tried setting 'kernel:threads = 1' in /etc/identd.conf but it still spawns 1 as nobody and 3 as root. As before they seem to remain running indefinately.
Whats about changing the "wait" in /etc/inetd.conf to "nowait"?
I changed the identd line in inetd.conf to "nowait", since it makes little sense to have a lot of identd running when you dial up occasionnaly. This seems to work fine.
nowait doesn't work. It appears to, but after I while I end up with a lot of in.ident processes. It got up to forty processes at one stage.
*** Bug 8020 has been marked as a duplicate of this bug. ***
Shouldn't there be a -i option on in.identd when it is started from inetd with wait? That seems to have solved it for me. auth stream tcp wait root /usr/sbin/in.identd in.identd -e -o -i
Actually, I meant 'nowait', and no, it doesn't really work either. The only solution I have found is to uninstall pidentd, get the pidentd from RH6.0 (pidentd-2.8.5-3), install it, and change the inetd.conf entry: auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -e -o This new pidentd really needs to be a wrapper which can call either the threaded or unthreaded versions depending either on command line options, or identd.conf (preferably a command line flag (-i) would force the old behavior, and identd.conf would only be used by the threaded version).
This is more of a legacy inetd configuration problem than a pidentd problem. Changing component.
This has been fixed in recent releases, where identd no longer runs from inetd at all