Bug#878625: systemd: NIS users login takes longtime.
If I understand the problem correct, systemd changed the setup to block access to the network for several services used during login, and this break any NSS module fetching information from a network service, like the NIS one. If so, this problem will affect others, like libnss-ldap and libnss-mdns, and is not NIS specific. It will not affect NSS modules with a separate daemon connecting to the network service, like libnss-ldapd and libnss-sss. The recommondation to use the Name Service Cache Daemon (nscd) will cause new and interesting problems with NIS, and is perhaps not the best way to solve this. The NSCD cache some times will end up in an inconsistent state, and might cause users to log in with an incomplete set of groups, if I recall the problem correctly. It seem safer to not block all network connections when some of the "network enabled" NSS modules are active. -- Happy hacking Petter Reinholdtsen
Bug#930424: cflow: provide html version of cflow.info
Source: cflow Severity: wishlist Dear Maintainer, please provide html version of cflow.info. Possibly, it worth also splitting documentation (and localization data, too) into separate binary packages. -- System Information: Debian Release: 10.0 APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=eo.utf8, LC_CTYPE=eo.utf8 (charmap=UTF-8), LANGUAGE=eo.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: runit (via /run/runit.stopit) LSM: AppArmor: enabled pgpz6o42kiHk9.pgp Description: PGP signature
Bug#878625: systemd: NIS users login takes longtime.
Am 12.06.19 um 14:06 schrieb Petter Reinholdtsen: > If I understand the problem correct, systemd changed the setup to block access > to the network for several services used during login, and this break > any NSS module fetching information from a network service, like the NIS > one. More specifically, systemd-logind.service was locked down considerably including IPAddressDeny=any If so, this problem will affect others, like libnss-ldap and > libnss-mdns, and is not NIS specific. It will not affect NSS modules > with a separate daemon connecting to the network service, like libnss-ldapd > and libnss-sss. > > The recommondation to use the Name Service Cache Daemon (nscd) will cause > new and interesting problems with NIS, and is perhaps not the best way to > solve this. The NSCD cache some times will end up in an inconsistent state, > and might cause users to log in with an incomplete set of groups, if I > recall the problem correctly. > > It seem safer to not block all network connections when some of the > "network enabled" NSS modules are active. See Lennart's comment at https://github.com/systemd/systemd/issues/7074#issuecomment-338157851 He suggests that the nis package could ship a drop-in config snippet in /lib/systemd/system/systemd-logind.service.d/ which turns off that sandbox feature. This seems like a reasonable fix that would be worthwile having in buster in case anyone still cares for the nis package. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#878625: systemd: NIS users login takes longtime.
Am 12.06.19 um 14:06 schrieb Petter Reinholdtsen: > If so, this problem will affect others, like libnss-ldap and > libnss-mdns, and is not NIS specific. Afair, libnss-ldapd is nowadays recommended over libnss-ldap. As for libnss-mdns: Doesn't it use the locally installed avahi-daemon to do the lookups? -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#698359: updated links
These are updated links to the fork mentioned by the submitter: https://www.c-amie.co.uk/software/analog/ https://github.com/c-amie/analog-ce It looks like the c-amie fork has diverged, from a quick diff it is missing some ipv6 stuff we have in our version .. Paolo
RE : Sunshine Color Bob ,travel and outside for this summer 🚩
96 LOOSE CULRY ,BODY WAVE ,STRAIGHT ,CURLY ,LOOSE WAVE WHICH YOUR END CLIENTS WANT MOSTLY Available ON Stock Color wig ,cusomized wig only need 3 wokirng days Wana know which the end clients like or any further questions just feel free to contact me . m: +8615018763458 w: [1] www.virginhairvendor.com e: [2] ama...@virginhairvendor.com Fineme on Whatsapp:+86 150 1876 3458 [3] VIEW ALL ALL is 100% virgin human hair WIG [4] 在网页中查看邮件 因为您与Virginhairvendor的合作关系,所以收到这封电子邮件。请[5] 确认您同意继续接收经由我们所发送的电子邮件。 如果您不愿意继续接收到任何相关讯息,您可以[6] 在此取消订阅。 此讯息由 ama...@virginhairvendor.com发送给 ama...@virginhairvendor.com Address: Unit1502,C/Block, Buynow Building,596Tianhe Rd., Tianhe District, Guangzhou, China, guangzhou, guangdong 51, China 取消订阅| 管理订阅| 邮件转寄| 回报为垃圾邮件 References: 1. http://virginhairvendor.benchurl.com/c/l?u=829EB9E&e=D5A030&c=E1B82&t=0&seq=1 2. mailto:ama...@virginhairvendor.com 3. http://virginhairvendor.benchurl.com/c/l?u=829EB04&e=D5A030&c=E1B82&t=0&seq=1 4. http://virginhairvendor.benchurl.com/c/v?e=D5A030&c=E1B82&t=0 5. http://virginhairvendor.benchurl.com/c/opt?e=D5A030&c=E1B82&t=0 6. http://virginhairvendor.benchurl.com/c/su?e=D5A030&c=E1B82&t=0 此讯息由 ama...@virginhairvendor.com 发送给 packa...@qa.debian.org 藉由下列连结,您可以修改或更新您的订阅资讯。 http://virginhairvendor.benchurl.com/c/su?e=E6D63D&c=E1B82&l=11CBFFBD&email=zHZfZ7k8JhbPHnpcB9BHuwo7Eqk8yGgh&relid=A0B1BF4 管理订阅 http://virginhairvendor.benchurl.com/c/s?e=E6D63D&c=E1B82&l=11CBFFBD&email=zHZfZ7k8JhbPHnpcB9BHuwo7Eqk8yGgh&relid=A0B1BF4 邮件转寄 http://virginhairvendor.benchurl.com/c/f?e=E6D63D&c=E1B82&l=11CBFFBD&email=zHZfZ7k8JhbPHnpcB9BHuwo7Eqk8yGgh&relid=A0B1BF4 回报为垃圾邮件 http://virginhairvendor.benchurl.com/Abuse?e=E6D63D&c=E1B82&l=11CBFFBD&email=zHZfZ7k8JhbPHnpcB9BHuwo7Eqk8yGgh&relid=A0B1BF4 Address: Unit1502,C/Block, Buynow Building,596Tianhe Rd., Tianhe District, Guangzhou, China, guangzhou, guangdong 51, China : http://virginhairvendor.benchurl.com/c/v?e=E6D63D&c=E1B82&l=11CBFFBD&email=zHZfZ7k8JhbPHnpcB9BHuwo7Eqk8yGgh&relid=A0B1BF4 因为您与Virginhairvendor的合作关系,所以收到这封电子邮件。请确认您同意继续接收经由我们所发送的电子邮件。 如果您不愿意继续接收到任何相关讯息,您可以在此取消订阅。 http://virginhairvendor.benchurl.com/c/opt?e=E6D63D&c=E1B82&l=11CBFFBD&email=zHZfZ7k8JhbPHnpcB9BHuwo7Eqk8yGgh&relid=A0B1BF4 http://virginhairvendor.benchurl.com/c/su?e=E6D63D&c=E1B82&l=11CBFFBD&email=zHZfZ7k8JhbPHnpcB9BHuwo7Eqk8yGgh&relid=A0B1BF4
Bug#878625: systemd: NIS users login takes longtime.
[Michael Biebl] > Afair, libnss-ldapd is nowadays recommended over libnss-ldap. Sure, but my point is that this issue affect any nss module (and pam modules, perhaps) asking processes to look up information over the net, not only the nis module. > As for libnss-mdns: Doesn't it use the locally installed avahi-daemon > to do the lookups? I'm not sure. I believed it worked without avahi-daemon, but have not invstigated. -- Happy hacking Petter Reinholdtsen
Bug#878625: systemd: NIS users login takes longtime.
Am 12.06.19 um 20:01 schrieb Petter Reinholdtsen: > [Michael Biebl] >> Afair, libnss-ldapd is nowadays recommended over libnss-ldap. > > Sure, but my point is that this issue affect any nss module (and pam > modules, perhaps) asking processes to look up information over the net, > not only the nis module. > If you know any modules besides libnss_nis and libnss_ldap, please let us know. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
Bug#878625: systemd: NIS users login takes longtime.
[Michael Biebl] > If you know any modules besides libnss_nis and libnss_ldap, please let > us know. I do not _know_, but here is my best guess based on the output from 'apt-cache search libpam-', 'apt-cache search libnss-' and experience: libpam-heimdal libpam-krb5-migrate-mit libpam-krb5 libpam-radius-auth libpam-python (depending on script used, know debian edu have such script) libpam-script (depending on script used) libpam-slurm libpam-sshauth libpam-winbind libnss-lwres libnss-mdns libnss-pgsql2 (depending on server location) libnss-winbind Might be useful to check those out. It is unclear to me if the login daemon in question uses the PAM system too. -- Happy hacking Petter Reinholdtsen
Bug#878625: systemd: NIS users login takes longtime.
Am 12.06.19 um 22:47 schrieb Petter Reinholdtsen: > > [Michael Biebl] >> If you know any modules besides libnss_nis and libnss_ldap, please let >> us know. > > I do not _know_, but here is my best guess based on the output from > 'apt-cache search libpam-', 'apt-cache search libnss-' and experience: > > libpam-heimdal > libpam-krb5-migrate-mit > libpam-krb5 > libpam-radius-auth > libpam-python (depending on script used, know debian edu have such script) > libpam-script (depending on script used) > libpam-slurm > libpam-sshauth > libpam-winbind > libnss-lwres > libnss-mdns > libnss-pgsql2 (depending on server location) > libnss-winbind > > Might be useful to check those out. > > It is unclear to me if the login daemon in question uses the PAM system > too. I don't think libpam-* is relevant here. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? signature.asc Description: OpenPGP digital signature
