Red Hat Bugzilla – Bug 84070
RSH performance issue with hosts.equiv
Last modified: 2007-04-18 12:51:00 EDT
Description of problem:
This is actually with rsh-server, but I didn't see it as one of the choices.
rsh-server when used with /etc/hosts.equiv will perform many unnecessary host
lookups which causes significant delays in large environments, the scenario is
In this environment there are many hosts listed in hosts.equiv, those hostnames
are resolvable through /etc/hosts distributed by NIS. Hosts in nsswitch.conf is
configured to use files, then nis, then DNS. What happens is that for every entry in
hosts.equiv, we get a resolution attempt through /etc/hosts, DNS, NIS seemingly
at the same time. This can cause login attempts to take sometimes minutes to
complete. It seems that we should only be getting resolution attempts for the
client host name to see if it matches an entry in hosts.equiv. I suspect there
might also be a resolver library bug of some sort as well.
This problem DOES NOT occur when .rhosts files are in use.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. see description
Logins work as expected but many, many unneeded lookups occur. The lookups can
be verified with either a packet analyzer on the network or strace'ing the rshd
Logins should work and unnecessary host lookups should not be performed.
Unfortunately, 'scrap rsh/rlogin & NIS for hostnames and use ssh and DNS
instead' is not an acceptable answer in this environment. Joshua Jensen and Tim
Kramer (both at Red Hat) can provide more information if needed. See also IT#
10403. See also the attached strace.
Created attachment 90013
trace of rshd
Won't fix. The code that evaluates /etc/hosts.equiv is located in the
pam_rhosts_auth module. And the logic of the code is right, because in
this file you can save aliases or other things, and the safe way to compare
the remote host with a host in hosts.equiv is to convert all to IP.
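
The trade-off discussed in this report, as an added sketch that is not pam_rhosts_auth code: resolving every hosts.equiv entry to addresses matches an alias but costs one lookup per entry, while a single reverse lookup with a string compare misses the alias. The file contents, host names, addresses and resolver tables are constructed, and `+`/`-`/netgroup syntax is not handled.

```python
# Constructed sample: build-alias is an alias for build02, which is not listed itself.
HOSTS_EQUIV = """\
# trusted hosts (constructed)
build01
build-alias
build03
"""
FORWARD = {"build01": ["192.0.2.11"], "build-alias": ["192.0.2.12"],
           "build02": ["192.0.2.12"], "build03": ["192.0.2.13"]}
REVERSE = {"192.0.2.11": "build01", "192.0.2.12": "build02",
           "192.0.2.13": "build03"}


class CountingResolver:
    """Stand-in for the files/NIS/DNS chain; counts forward lookups."""
    def __init__(self, table):
        self.table, self.lookups = table, 0

    def resolve(self, name):
        self.lookups += 1
        return self.table.get(name, [])


def entries(text):
    """Host field of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()[0]


def match_by_address(client_ip, text=HOSTS_EQUIV):
    """Resolve each entry to addresses and compare; returns (trusted, lookups)."""
    resolver = CountingResolver(FORWARD)
    for host in entries(text):
        if client_ip in resolver.resolve(host):
            return True, resolver.lookups
    return False, resolver.lookups


def match_by_name(client_ip, text=HOSTS_EQUIV):
    """One reverse lookup, then a string compare against the entries."""
    name = REVERSE.get(client_ip)
    return name is not None and name in set(entries(text))


if __name__ == "__main__":
    for ip in ("192.0.2.11", "192.0.2.12", "192.0.2.13", "198.51.100.7"):
        print(ip, match_by_address(ip), match_by_name(ip))
```

A client that matches no entry pays for a lookup on every line of the file, which is the delay the report describes when each lookup goes through files, NIS and DNS.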