Re: Machine not locked-up but can't log on either

On Thu, May 04, 2006 at 01:15:17PM -0400, Ryan Golhar wrote:
> Yes, I do use LDAP authentication (but the root user is a local user). 
> 
> I'm also limiting who is allowed to connect through ssh via
> /etc/hosts.allow.  I'm restricting it to the ISPs of our users.  I
> suppose it's possible someone is trying to gain access from one of those
> ISPs, but the logs of the other machines only show an occasional failed
> login attempt.  Would the ssh login attempts also prevent me from
> logging in from the console?
> 
> Ryan
> 

Probably.  LDAP has a nasty habit of taking a really long time to time out
on things to even give your local user account a chance to authenticate.
Probably DNS lookup is timing out and then either the LDAP bind process
tries to time out or gets hung.  In the end, the local authentication never
even gets a chance to run.

I know there have been some decent posts on tweaking the timeouts and/or PAM
to behave better in this situation... but it's also one of the reasons I
changed my CTRL-ALT-DEL key to disable LDAP so I could get into a server in
this state.

Doesn't work so well for a remote box though. :)

Ray
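
The failure mode described above (an unreachable LDAP server stalling logins for local accounts such as root) can be checked for ahead of time. The following is an added example, not part of the original message or of any Red Hat tooling: it audits the text of `nsswitch.conf` and an nss_ldap-style `ldap.conf` for lookup order and timeout settings. It assumes the nss_ldap/pam_ldap stack, which the thread does not name; the 10-second threshold and the sample files are constructed.

```python
import re

def parse_nsswitch(text):
    """Map database name -> ordered list of sources, ignoring [action] items."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            db, sources = line.split(":", 1)
            dbs[db.strip()] = re.sub(r"\[.*?\]", " ", sources).split()
    return dbs

def parse_ldap_conf(text):
    """Map lower-cased option name -> value for 'option value' lines."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(nsswitch_text, ldap_conf_text, max_seconds=10):
    """Return findings for settings that let an unreachable LDAP server stall local logins."""
    findings = []
    dbs = parse_nsswitch(nsswitch_text)
    for db in ("passwd", "shadow", "group"):
        src = dbs.get(db, [])
        if "ldap" in src and ("files" not in src or src.index("ldap") < src.index("files")):
            findings.append(f"{db}: ldap is consulted before files")
    opts = parse_ldap_conf(ldap_conf_text)
    if opts.get("bind_policy", "hard") != "soft":
        findings.append("bind_policy: not 'soft', failed connections are retried")
    for key in ("bind_timelimit", "timelimit"):
        val = opts.get(key, "")
        if not val.isdigit() or not 0 < int(val) <= max_seconds:
            findings.append(f"{key}: unset, zero or above {max_seconds}s")
    ignored = opts.get("nss_initgroups_ignoreusers", "").split(",")
    if "root" not in [u.strip() for u in ignored]:
        findings.append("nss_initgroups_ignoreusers: root still triggers LDAP group lookups")
    return findings

# Constructed sample files (not from the thread).
WEAK_NSSWITCH = "passwd: ldap files\nshadow: ldap files\ngroup: files ldap\n"
WEAK_LDAP_CONF = "uri ldap://ldap.example.com/\nbase dc=example,dc=com\ntimelimit 120\n"
GOOD_NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n"
GOOD_LDAP_CONF = ("uri ldap://ldap.example.com/\nbase dc=example,dc=com\n"
                  "bind_policy soft\nbind_timelimit 5\ntimelimit 10\n"
                  "nss_initgroups_ignoreusers root\n")

if __name__ == "__main__":
    for finding in audit(WEAK_NSSWITCH, WEAK_LDAP_CONF):
        print("WARN", finding)
```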
