port-i386: Re: Odd performance issue with 'su'

Subject: Re: Odd performance issue with 'su'
To: David Burgess <burgess@neonramp.com>
From: Ernst du Toit <et@houseofet.com>
List: port-i386
Date: 12/10/2002 14:23:38
Sounds indeed like a Kerberos timeout - around NetBSD-1.5 I remember su(1) had Kerberos auth by default but it's changed since then. 

Have you installed with Kerberos authentication, but not fully completed the implementation yet? If this is the case, then the delay for the timeout is to be expected, otherwise I'm wondering if the Kerberos-by-default is creeping back in.

Note: Kerberos-by-default is a good thing, IMHO, but then the rest of the install must also walk one through the configuration :)

--et

On Mon, 9 Dec 2002 18:34:29 -0600 (CST)
"David Burgess" <burgess@neonramp.com> wrote:

> Good suggestion.  I can reliably get su'ed in with the -K option, but the
> performance with the Kerberos auth is bad.  I really do need to finish
> that up.
> 
> Dave
> 
> >
> > Have you tried the -K option for su to prevent a Kerberos authenticate
> > request just to see if it is indeed Kerberos related?
> >
> > --et
> >
> >
> >
> > On Mon, 9 Dec 2002 17:37:17 -0600 (CST)
> > "David Burgess" <burgess@neonramp.com> wrote:
> >
> >> Thanks - I'll get the rest of the systems set up for Kerberos and see
> >> if that helps.
> >>
> >> Dave
> >>
> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> > Hash: SHA1
> >> >
> >> > "David Burgess" <burgess@neonramp.com> writes:
> >> >
> >> >> On a couple of the machines, for no reason that I can fathom, the
> >> 'su' command takes up to 90 seconds to respond with a 'password:'
> >> response.
> >> >>  Specifically, it happens most often on the primary mail server in
> >> the
> >> >> mail cluster, but on other machines as well.  The problem comes and
> >> goes, but is definitely worse since I started the 1.6 upgrade.
> >> >
> >> > I suspect it's doing some sort of magic behind-the-scenes kerberos 5
> >> server discovery.
> >> >
> >> > - --Michael
> >> > -----BEGIN PGP SIGNATURE-----
> >> > Version: GnuPG v1.2.1 (NetBSD)
> >> > Comment: See http://www.flame.org/~explorer/pgp for my keys
> >> >
> >> > iD8DBQE99Sh/l6Nz7kJWYWYRAv+4AJ9Mc0ocRz8pph6JF6QSuR5lHRmfrwCfeSkK
> >> V4lhCKCl/GjbPd92OxC4vhI=
> >> > =AFJi
> >> > -----END PGP SIGNATURE-----
> >>
> >>
> >> --
> >> Dave Burgess
> >> CTO, Nebraska On-Ramp
> >> Chief Engineer, Mitec Internet Services
> >> Bellevue, NE 68123
> >>
> >>
> >>
> 
> 
> -- 
> Dave Burgess
> CTO, Nebraska On-Ramp
> Chief Engineer, Mitec Internet Services
> Bellevue, NE 68123
> 
> 
>