glibc update breaks NIS compat mode on Lucid
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
glibc (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I recently experienced a major slowdown (>10 sec) when logging on the NIS server at my work place. Our admin Paul Raines found that the issue was caused by a recent glibc update (2.11.1-0ubuntu7.8 posted on Feb 01, 2011), which appeared to break the "compat" mode for password settings in /etc/nsswitch.conf
Observations:
With the latest update of libc on Lucid and setting passwd/group/shadow as "compat", any remote authentication process will take over 10 seconds to respond. This include showing the login window by gdm/xdm, verifying password, and any gksu/sudo commands. To test the delay, I followed the comment #3 from Bug #335584 and ran
sudo strace -vft -o /tmp/trace sudo true
I noticed two 5-seconds time-out from the dumped log.
Work-around:
After changing passwd/group/shadow from "compat" to "files nis" in the /etc/nsswitch.conf file, the above mentioned long-delay went away.
Here I attached the reply from Paul and my original test. We appreciate if anyone can double check with the mentioned update and see if there is a solution for this.
My computer is running Lucid 10.04.2 LTS, with a kernel version 2.6.32-27.
=======
Subject: Re: lost connection to home from kwafoo
Date: Wed, 16 Feb 2011 09:52:38 -0500 (EST)
From: Help Desk -- Paul Raines <help at nmr>
To: Qianqian Fang <fangq at nmr>
I changed /etc/nsswitch.conf so that instead of 'compat' for passwd, group
shadow I have 'files nis'. This seems to have made the long NIS timeouts
go away. This means that that '+/-' lines in /etc/passwd will not work
though. I suggest you file a bug with Ubuntu saying 'compat' mode has
broken in the lastest glibc release which appears to have updated Feb 1st.
On Tue, 15 Feb 2011, Qianqian Fang wrote:
> ....
> although, the computer is still not completely normal.
> When I select user name, type password in the xdm/gdm
> window, or run any command with sudo, I get over 10
> seconds long delay between each action.
>
> I did some strace following this comment:
>
> https:/
>
> and the output for
>
> sudo strace -vft -o /tmp/trace sudo true
>
> is placed at /space/
>
> I can see there are two 5-second time-outs during this
> command: one at line#28556 and one at #29149. In
> either case, kwafoo tried to send some data through a socket to
> 132.183.203.49, which I believe is a computer
> named "sake", but it failed with time-out.
>
> I don't know what sake does in the nis configuration,
> but somehow it does not communicate with kwafoo
> properly. Strangely, the earlier communications
> does work. This behavior is reproducible when running
> the above command.
>
> Can anyone make heads and tails out of this log file?
>
> thanks
>
> Qianqian
Status changed to 'Confirmed' because the bug affects multiple users.