Description of problem: This is actually with rsh-server, but I didn't see it as one of the choices. rsh-server when used with /etc/hosts.equiv will perfom many unecessary host lookups which causes significant delays in large environments, the scenario is as follows: In this environment there are many hosts listed in hosts.equiv, those hostnames are resolvable through /etc/hosts distributed by NIS. Hosts in nsswitch.conf is configured to use files, then nis, then DNS. What happens is that every entry in hosts.equiv, we get a resolution attempt through /etc/hosts, DNS, NIS seemingly at the same time. This can cause login attempts to take sometimes minutes to complete. It seems that we should only be getting resolution attempts for the client host name to see if it matches an entry in hosts.equiv. I suspect there might also be a resolver library bug of some sort as well. This problem DOES NOT occur when .rhosts files are in use. Version-Release number of selected component (if applicable): RH 6.2 glibc-devel-2.1.3-15 rsh-server-0.16-12 RH7.0 glibc-devel-2.1.92-14 rsh-server-0.17-2.2 RH7.1 glibc-devel-2.2.4-19 rsh-server-0.17-2.5 RH7.2 glibc-devel-2.2.4-24 rsh-server-0.17-5 How reproducible: Always Steps to Reproduce: 1. see description 2. 3. Actual results: Logins work as expected but many, many unneeded lookups occur. The lookups can be verified with either a packet analyzer on the network or strace'ing the rshd process. Expected results: Logins should work and unnecessary host lookups should not be performed. Additional info: Unfortunately, 'scrap rsh/rlogin & NIS for hostnames and use ssh and DNS instead' is not an acceptable answer in this environment. Joshua Jensen and Tim Kramer (both at Red Hat) can provide more information if needed. See also IT# 10403. See also the attached strace.
Created attachment 90013 [details] trace of rshd
Won't fix. The code that evaluates /etc/hosts.equiv is located in the pam_rhosts_auth module. And the logic of code is right because into this file you can save aliases or other thigs and safe way how compare remote host with a host in the hosts.equiv is convert all to IP.