[Date Prev][Date Next]
Timeouts over LDAPS
I'm having some trouble with time-outs when using ldaps with pam.
If the slapd opens an incoming ssl connection, but do not respond correctly
(like if the Berkley database breaks down, which unfortunately seems to
happen from time to time), the ldap-pam-module will hang more or less
indefinitely. This is rather unfortunate, since it makes logging in and
repairing the database much more tedious.
If we use just plain ldap (not using openssl), the connection times out
rather quickly, and pam tries the next authentication method which works
as expected, and the problem can be fixed. But unfortunately that also opens
up some security risks, since we can't be sure we connect to the proper ldap
"Capital letters were always the best way of dealing
with things you didn't have a good answer to."
- Douglas Adams