retitle 315622 libkrb53: add timeout on DNS lookups severity 315622 wishlist tags 315622 upstream forwarded 315622 http://krbdev.mit.edu/rt/Ticket/Display.html?id=4114 thanks
I've investigated the hang when there's no network and tracked it down to a hang in DNS lookups, which really can't be solved in the PAM module itself. The workaround is to use ignore_root or (in the new version that's about to be released) minimum_uid. Ideally, the Kerberos library should provide a way to set a timeout; I've submitted an upstream MIT Kerberos bug about that and am reassigning this bug to libkrb53. The other problem originally reported in this bug, a failure in the whole PAM stack when krb5.conf is in AFS and can't be loaded, I can't duplicate except when it causes a timeout in login. Any failure causes fallover to the next PAM module for me as it should. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
