Hi list,

When I try to log in to my Gentoo installation (hardened/selinux/amd64/no-multilib) at a TTY, after entering the username and password it takes a long time to show the prompt. I tracked this problem down to some DNS resolution taking place at startup, i.e. when my default gateway is connected to the Internet, I can log in normally, but when I'm not connected, I experience this issue.

A few days back I was also getting a SELinux denial for 'locallogin_t', so with the help of Chris PeBenito, I fixed that issue by adding the following rule to my local SELinux policy:
----8<----8<----
auth_use_nsswitch(local_login_t)
---->8---->8----

I'm not able to figure out why it needs to do DNS resolution at login. The following are my related PAM configuration files:

----8<----8<----
[EMAIL PROTECTED] ~ $ cat /etc/pam.d/system-auth
#%PAM-1.0

auth       required     pam_env.so
auth       sufficient   pam_unix.so try_first_pass likeauth nullok
auth       required     pam_deny.so

account    required     pam_unix.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password   sufficient   pam_unix.so try_first_pass use_authtok nullok md5 shadow
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so

[EMAIL PROTECTED] ~ $ cat /etc/pam.d/login
#%PAM-1.0

auth       required     pam_securetty.so
auth       required     pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root
auth       required     pam_shells.so
auth       required     pam_nologin.so
auth       include      system-auth

account    required     pam_access.so
account    include      system-auth
account    required     pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root

password   include      system-auth

# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0022
session    required     pam_env.so
session    optional     pam_lastlog.so
session    optional     pam_motd.so motd=/etc/motd
session    optional     pam_mail.so

# If you want to enable pam_console, uncomment the following line
# and read carefully README.pam_console in /usr/share/doc/pam*
#session   optional     pam_console.so

session    include      system-auth

# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open

[EMAIL PROTECTED] ~ $ getent hosts `hostname`
::1 localhost chatteau.d.lf chatteau localhost.localdomain
[EMAIL PROTECTED] ~ $ getent hosts 127.0.0.1
127.0.0.1 localhost chatteau.d.lf chatteau localhost.localdomain
---->8---->8----

The long delay is only experienced when the user is successfully authenticated.
So I think it's somewhere in the 'session' phase of PAM, though I'm not sure about this. Any idea what would be wrong here?

TIA
--
Ashish Shukla आशीष शुक्ल
http://wahjava.wordpress.com/
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --