Absent Member.
Absent Member.

Re: Slow authentication

From the sshd side, you can turn off the DNS check that sshd does during login. The security implications of that can be debated... but basically the check is to see what name the IP address of the client resolves to. If the DNS query is made and no answer comes back (i.e. not a positive answer, not a negative answer, but no packets return at all) then it takes 30 seconds to timeout and give up. But you can tell sshd not to bother with this check:

/etc/ssh/sshd_config
UseDNS no

Then "rcsshd restart".

Of course, the better answer is (as covered above) to have good DNS settings which can answer your questions quickly (even if it is to say, "I don't know.") I'm just offering an alternative option. Some people don't control their own DNS and may need this.
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Slow authentication

On 02/05/2013 22:33, Stevo wrote:

> So my response to magic31's comment is...
>
> Yes we did go with a .local for our ad dns zone. I checked in
> hosts.conf and nsswitch.conf and saw nothing about mdns. I did recall
> seeing a post online about setting mdns off in /etc/hosts, but I tried
> that and it did not seem to help.
>
> I did find a doc mentioning setting UseDNS no in the
> /etc/ssh/sshd_config file and that helped.


TID 3794674[1] may help.

HTH.

[1] http://www.novell.com/support/kb/doc.php?id=3794674
--
Simon
Novell Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Technology Transfer
Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Slow authentication

Stevo wrote:

> Yes we did go with a .local for our ad dns zone. I checked in
> hosts.conf and nsswitch.conf and saw nothing about mdns. I did recall
> seeing a post online about setting mdns off in /etc/hosts, but I tried
> that and it did not seem to help.


Be careful not to mix up /etc/hosts with /etc/host.conf.

Günther

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Slow authentication

In article <7kXft.1647$8q1.60@kozak.provo.novell.com>, Stevo wrote:
> > I'd be looking at LUM and its friends.

>
> Not sure what I'd be looking for in LUM.
>

Troubleshooting Linux User Management - Step by Step
http://www.novell.com/support/kb/doc.php?id=7002981

in particular, check /etc/nam.conf to make sure all the specified LDAP
servers are:
1) live eDir servers with working LDAP on port 636,
2) eDir servers that have valid A and PTR records in your DNS that you
can resolve from each OES server.


Andy Konecny
Knowledge Partner (voluntary SysOp)
KonecnyConsulting.ca in Toronto
----------------------------------------------------------------------
Andy's Profile: http://forums.novell.com/member.php?userid=75037


___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.