Hi,

I have built a MyProxy CA v5.9 server with authentication integrated with an
Active Directory server through PAM/LDAP to handle the authentication of our
grid environment. Although the certificate is issued, this authentication
has been very slow, with many timeouts before the certificate is issued. For
instance:


Feb 18 09:26:39 globus myproxy-server[18245]: Connection from 10.0.0.1
Feb 18 09:26:39 globus myproxy-server[18245]: Authenticated client <anonymous>
Feb 18 09:26:42 globus myproxy-server[18245]: Received GET request for username fabio
Feb 18 09:27:02 globus myproxy-server[18245]: pam_ldap: ldap_result Timed out
Feb 18 09:27:02 globus myproxy-server[18245]: pam_ldap: ldap_result Timed out
Feb 18 09:27:02 globus myproxy-server[18245]: pam_ldap: ldap_result Timed out
Feb 18 09:27:22 globus myproxy-server[18245]: PAM authentication succeeded for fabio
Feb 18 09:27:22 globus myproxy-server[18245]: Got a cert request for user "fabio", with pubkey hash "0x87696e4", and lifetime "43200"
Feb 18 09:27:22 globus myproxy-server[18245]: Issued certificate for user "fabio", with DN "/O=Grid/OU=Globus/OU=simpleCA-globus.mydomain.com/OU=local/GN=fabio/CN=FABIO MOREIRA DE SOUZA", lifetime "43200", and serial number "0x22"
Feb 18 09:27:22 globus myproxy-server[18245]: Client <anonymous> disconnected


The server runs CentOS 6.5, with PAM configured in the file
/etc/pam_ldap.conf as follows:

host ldapcluster.mydomain.com
ldap_version 3
base dc=mydomain,dc=com
binddn CN=admin,OU=service account,OU=IT,DC=mydomain,DC=com
bindpw mypass
pam_filter objectclass=User
pam_login_attribute sAMAccountName
ssl no


and the OpenLDAP settings in the file /etc/openldap/ldap.conf:

TLS_REQCERT allow
TLS_CHECKPEER no


The configurations from /etc/myproxy-server.config are:

pam  "sufficient"
sasl "sufficient"
certificate_issuer_cert /home/globus/.globus/simpleCA/cacert.pem
certificate_issuer_key /home/globus/.globus/simpleCA/private/cakey.pem
certificate_issuer_key_passphrase "mypass"
certificate_serialfile /home/globus/.globus/simpleCA/serial
certificate_out_dir /home/globus/.globus/simpleCA/newcerts
certificate_mapfile /etc/grid-security/grid-mapfile
cert_dir /etc/grid-security/certificates
pam_id "myproxy"
certificate_mapapp /usr/local/sbin/myproxy-mapapp-ldap


and the file /etc/pam.d/myproxy:

auth required pam_ldap.so
account   required pam_ldap.so

I'd like to ask for some help, because sometimes this delay reaches more than 2
minutes.

Best Regards,

Fabio Souza
