Is this a product (such as Vintela), or a home-grown solution? If the authentication succeeds, but the shell prompt doesn't complete for a while after, I'd be inclined to blame either the LDAP query that pulls the UID/GID/DIR/SHELL info from AD, or a page-swap-in delay.
If your users are defined locally, and you're just using pam_krb5 to authenticate, check your pam stack and see if you can eliminate the culprit by temporarily taking out modules from the "account" and "session" stacks. Some of the modules also have debug parms and log entries that might help. -----Original Message----- From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Post Sent: Friday, March 20, 2009 1:39 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Excessive time for login >>> On 3/20/2009 at 1:28 PM, "Shedlock, George" <gshedl...@aegonusa.com> wrote: > We are running SUSE SLES 10 SP 2. When we login to the server via SSH, our > pam module that validates the userid against Active Directory completes with > a successful logon (as seen on the syslog), but it is some 40-50 seconds > before we see the logon prompt to the user. I've seen this happen when your DNS isn't set up right, or the system cannot reach the DNS server for some reason. Mark Post ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -------------------------------------------------------------------------- This message w/attachments (message) may be privileged, confidential or proprietary, and if you are not an intended recipient, please notify the sender, do not use or share it and delete it. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Merrill Lynch. Subject to applicable law, Merrill Lynch may monitor, review and retain e-communications (EC) traveling through its networks/systems. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or error-free. References to "Merrill Lynch" are references to any company in the Merrill Lynch & Co., Inc. group of companies, which are wholly-owned by Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this E-communication may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link: http://www.ml.com/e-communications_terms/. By messaging with Merrill Lynch you consent to the foregoing. -------------------------------------------------------------------------- ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
