Many thanks for the reply Michael, I'll try that and report back if needed. Gustavo
2015-03-26 23:23 GMT+00:00 Michael Stauber <mstau...@blueonyx.it>: > Hi Gustavo, > > > Ignore my "find" observation. Apparently, nothing to do with it. > > Yeah, you had me quite worried there, as that certainly would have not > been normal to run. > > When you login as "admin" it might take a bit longer as the newsfeed > from www.blueonyx.it is parsed. However: That code has a timeout of 5 > seconds programmed in. So if www.blueonyx.it doesn't react within 5 > seconds, the page will still render, but without the news. > > So I think we can ditch the idea that the GUI is the main contributing > factor to the slow logins. The problem is probably deeper and that's > where I'd start the investigations. > > The login works like this: Once you're on the login form and submit > username and password, then the GUI contacts CCEd via a socket operation > and issues the following command: > > AUTH username "password" > > CCEd then first checks if the User exists in the CODB database. For this > it runs a "FIND username" to find out if that user has an CODB object in > the CODB database. > > If so, CCEd will use PAM to verify the username and password against the > PAM database. > > If both checks succeed, CCEd will respond to the GUI over the Unix > socket and will report something like this: > > 109 SESSIONID AdY...GZjDn > 201 O > > The username and session ID will then be stored in a browser cookie and > will be used in all subsequent authentications between browser and GUI. > Until the login is voluntarily ended with a logout, or the session ID > expires due to inactivity (26 minutes standard, 60 minutes as possible > maximum). > > If the login user doesn't exist in CODB or the PAM authentication > failed, then the response is just a very brief "401 FAIL" instead. > > Now you can easily troubleshoot this login phase on the command line > without using the GUI: > > Login by SSH as "admin" and "su -" to gain root access. Then run this > command: /usr/sausalito/bin/cceclient > > It will give you a CSCP prompt like this: > > [root@5208r ~]# /usr/sausalito/bin/cceclient > 100 CSCP/0.99 > 200 READY > > On that enter the following: > > AUTH admin "password" > > Where "password" is your admin-password. Check how long it takes until > you get the "109 SESSIONID ..." response. Compare that with how long it > takes for the GUI-login. It should not take considerably longer. > > If the AUTH via cceclient is already *very* slow, then we can assume > that one or two things might be amiss: > > 1.) The CODB database might be a bit corrupted and it takes too long to > run the 'FIND User name="admin"' command to look up the login user in CODB. > > ... and/or ... > > 2.) The PAM database or PAM login procedure might be corrupted. On > BlueOnyx we use /etc/passwd, /etc/shadow for logins, but via roundtrips > through the PAM mechanism. It is possible that some third party software > (not by BlueOnyx and not from the shop) might have messed with PAM. > > In that case it would be necessary to troubleshoot the PAM layer to see > what's there and how it is configured in your case. > > In any case: If PAM is the culprit, then all other logins (SMTP-auth, > Dovecot, FTP) also should take considerably longer than normal. Not just > the GUI. > > -- > With best regards > > Michael Stauber > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx > -- Um abraço, Gustavo
_______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
