[linux] System lockouts

David Talkington dtalk at u.washington.edu
Wed Sep 24 20:34:15 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter Abrahamsen complains:


> I've got an Athlon XP box running

> Gentoo, 2.4.21, openldap (for authentication only), vcron, metalog, apache2,

> exim, sshd, and a few other goodies.


*puff puff pant*


> Every once in a while - every couple weeks, nowadays - the system will lock

> me out.


I'd take frequent breaks too, if you had me doing all that work by myself.
;)


> I can see that instances of exim, ldap and cron (showing as

> /USR/SBIN/CRON in ps output, if I remember correctly) - more than usual. ssh

> connections freeze after I give my password, or after it does pubkey auth if

> I'm using a key. Local logins time out. If I've left a console open, I am

> unable to get to my LDAP server.


[ snip other stuff that sounds suspiciously like resource starvation ]

Load? Number of processes?

LDAP is pretty demanding. Login authentication is just the tip of the
iceberg ... any process on the system that needs any information about
file ownership or access -- even such seemingly innocuous things as 'ls
- -l' -- will be asking LDAP, and that might be pretty intense on a box
that's doing mail, web services, and login.

If you're not able to offload some of that stuff (starting with LDAP),
have you considered at least using nscd? It might give you some breathing
room. Another key is to make sure root logins (or some other designated
service account) do not auth against LDAP, so that you can still get in if
slapd falls down.

Could be some esoteric problem, but those are the things that I'd wonder
about first ...

Cheers ... -d

- --
David Talkington
Computing and Communications
University of Washington
Box 354844
206-543-2144

dtalk at u.washington.edu

PGP key: http://staff.washington.edu/dtalk/CDB83FFC.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iD8DBQE/cmI5CwvUCM24P/wRAlBpAKCdmYc9Fgskh0iivlz6slUuI0d87ACghAmX
lsMRwo9DSf4mMNZ4l6JwL2o=
=6ydd
-----END PGP SIGNATURE-----



More information about the Linux mailing list