[ale] sudo, ldap, local user, SLOW!

Jim Kinney jim.kinney at gmail.com
Sat Sep 27 08:56:36 EDT 2008


I have a strange problem that I'm not finding a solution to.

Server (redhat 5 EL) uses ldap for user authentication and also has some
local accounts that are not in ldap. nsswitch is set for files ldap for
passwd.
I can run "getent passwd | grep localuser" and it returns correct data in
about .5 seconds. It does the same for an ldap account check.

The fun begins when an ldap user tries to run "sudo su - localuser".
(localuser is a process account like "oracle" and others) What the user sees
is 2+ minutes of system hang then success. What I see when tailing logs is
sudo trying to talk through ldap to get authentication. It shows no
connection, failure to bind errors. It eventually times out and at that time
the user sees the successful su change.

sudoers file allows the ldap user to use su.

I'm suspicious that something is not talking right with PAM for sudo. It
_should_ be getting all its user credentialling through PAM. But the sudo
module in PAM is calling system-auth which _has_ the proper local file, ldap
stuff since that's how logins are handled.

?????ideas?????

-- 
James P. Kinney III